CVE-2006-0814 Information
Share on:
Feb 14, 2021
cve
Description
response.c in Lighttpd 1.4.10 and possibly previous versions when run on Windows allows remote attackers to read arbitrary source code via requests that contain trailing (1) .\ (dot) and (2) space characters which are ignored by Windows as demonstrated by PHP files.
Reference
http://secunia.com/advisories/18886 http://secunia.com/secunia_research/2006-9/advisory/ http://securityreason.com/securityalert/523 http://securitytracker.com/id?1015703 http://trac.lighttpd.net/trac/changeset/1005 http://www.osvdb.org/23542 http://www.securityfocus.com/archive/1/426446/100/0/threaded http://www.securityfocus.com/bid/16893 http://www.vupen.com/english/advisories/2006/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/24976