Oval Definition:oval:org.opensuse.security:def:20084359
Revision Date:2022-06-30Version:1
Title:CVE-2008-4359
Description:

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-4359
Mitre CVE-2008-4359
SUSE CVE-2008-4359
SUSE-SR:2008:026
Platform(s):openSUSE 10.2
openSUSE 10.3
openSUSE 11.0
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • suse110 is installed
  • AND Package Information
  • lighttpd-mod_cml less than 1.4.19-6.2
  • OR lighttpd-mod_magnet less than 1.4.19-6.2
  • OR lighttpd-mod_mysql_vhost less than 1.4.19-6.2
  • OR lighttpd-mod_rrdtool less than 1.4.19-6.2
  • OR lighttpd-mod_trigger_b4_dl less than 1.4.19-6.2
  • OR lighttpd-mod_webdav less than 1.4.19-6.2
  • OR lighttpd less than 1.4.19-6.2
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • lighttpd-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_gssapi-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_ldap-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_mysql-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_pam-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_sasl-1.4.59-2.1 is installed
  • OR lighttpd-mod_cml-1.4.59-2.1 is installed
  • OR lighttpd-mod_magnet-1.4.59-2.1 is installed
  • OR lighttpd-mod_maxminddb-1.4.59-2.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.59-2.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.59-2.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_dbi-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_ldap-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_mysql-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_pgsql-1.4.59-2.1 is installed
  • OR lighttpd-mod_webdav-1.4.59-2.1 is installed
    • BACK