CVE-2014-2324

EPSS 71.7%

Published: 3/14/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-2324

Description

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Affected packages (1)

Debian/lighttpdfrom 0, < 1.4.33-1+nmu3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2324