CVE-2014-2324

EPSS 71.7%

發布日:2014/3/14修改日:2026/4/28

描述

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

受影響套件(1)

Debian/lighttpdfrom 0, < 1.4.33-1+nmu3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2324