Launchpad.net

CVE 2008-4359

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

Related bugs and status

CVE-2008-4359 (Candidate) is related to these bugs:

Bug #279490: new lighttpd security fixes

		In	Importance	Status
279490	new lighttpd security fixes	lighttpd (Ubuntu)	Undecided	Fix Released
279490	new lighttpd security fixes	lighttpd (Ubuntu Dapper)	Undecided	Confirmed
279490	new lighttpd security fixes	lighttpd (Ubuntu Gutsy)	Undecided	Won't Fix
279490	new lighttpd security fixes	lighttpd (Ubuntu Hardy)	Undecided	Fix Released
279490	new lighttpd security fixes	lighttpd (Ubuntu Jaunty)	Undecided	Fix Released
279490	new lighttpd security fixes	lighttpd (Ubuntu Intrepid)	Undecided	Invalid

Bug #521659: New upstream 1.4.26, fixes CVE-2010-0295

		In	Importance	Status
521659	New upstream 1.4.26, fixes CVE-2010-0295	lighttpd (Ubuntu)	High	Fix Released
521659	New upstream 1.4.26, fixes CVE-2010-0295	lighttpd (Ubuntu Hardy)	Undecided	Won't Fix
521659	New upstream 1.4.26, fixes CVE-2010-0295	lighttpd (Ubuntu Jaunty)	Undecided	Won't Fix
521659	New upstream 1.4.26, fixes CVE-2010-0295	lighttpd (Ubuntu Karmic)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-4359

Related bugs and status

Related bugs

References