CVE-2008-4359

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch", "name": "http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt", "name": "http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2008/09/30/3", "name": "[oss-security] 20080930 Re: Re: CVE request: lighttpd issues", "tags": ["Mailing List"], "refsource": "MLIST"}, {"url": "http://trac.lighttpd.net/trac/changeset/2309", "name": "http://trac.lighttpd.net/trac/changeset/2309", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://trac.lighttpd.net/trac/ticket/1720", "name": "http://trac.lighttpd.net/trac/ticket/1720", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2008/09/30/1", "name": "[oss-security] 20080930 Re: CVE request: lighttpd issues", "tags": ["Mailing List"], "refsource": "MLIST"}, {"url": "http://trac.lighttpd.net/trac/changeset/2307", "name": "http://trac.lighttpd.net/trac/changeset/2307", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2008/09/30/2", "name": "[oss-security] 20080930 Re: CVE request: lighttpd issues", "tags": ["Mailing List"], "refsource": "MLIST"}, {"url": "http://trac.lighttpd.net/trac/changeset/2310", "name": "http://trac.lighttpd.net/trac/changeset/2310", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://trac.lighttpd.net/trac/changeset/2278", "name": "http://trac.lighttpd.net/trac/changeset/2278", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2008/dsa-1645", "name": "DSA-1645", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/32132", "name": "32132", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/31599", "name": "31599", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/32069", "name": "32069", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0309", "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0309", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/32834", "name": "32834", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html", "name": "SUSE-SR:2008:026", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://security.gentoo.org/glsa/glsa-200812-04.xml", "name": "GLSA-200812-04", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/32972", "name": "32972", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32480", "name": "32480", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309", "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2008/2741", "name": "ADV-2008-2741", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45690", "name": "lighttpd-urlredirect-rewrite-info-disclosure(45690)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/497932/100/0/threaded", "name": "20081030 rPSA-2008-0309-1 lighttpd", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-4359", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-10-03T17:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.20"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-29T15:46Z"}