Oval Definition:oval:org.opensuse.security:def:201819052
Revision Date:2022-09-02Version:1
Title:CVE-2018-19052
Description:

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-19052
openSUSE-SU-2019:2347-1
Mitre CVE-2018-19052
SUSE CVE-2018-19052
openSUSE-SU-2019:2347-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • lighttpd-1.4.54-lp150.2.3 is installed
  • AND lighttpd is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_gssapi-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_authn_gssapi is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_ldap-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_authn_ldap is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_mysql-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_authn_mysql is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_pam-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_authn_pam is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_sasl-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_authn_sasl is signed with openSUSE key
  • OR
  • lighttpd-mod_cml-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_cml is signed with openSUSE key
  • OR
  • lighttpd-mod_geoip-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_geoip is signed with openSUSE key
  • OR
  • lighttpd-mod_magnet-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_magnet is signed with openSUSE key
  • OR
  • lighttpd-mod_maxminddb-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_maxminddb is signed with openSUSE key
  • OR
  • lighttpd-mod_mysql_vhost-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_mysql_vhost is signed with openSUSE key
  • OR
  • lighttpd-mod_rrdtool-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_rrdtool is signed with openSUSE key
  • OR
  • lighttpd-mod_trigger_b4_dl-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_trigger_b4_dl is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_dbi-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_vhostdb_dbi is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_ldap-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_vhostdb_ldap is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_mysql-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_vhostdb_mysql is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_pgsql-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_vhostdb_pgsql is signed with openSUSE key
  • OR
  • lighttpd-mod_webdav-1.4.54-lp150.2.3 is installed
  • AND lighttpd-mod_webdav is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • lighttpd-1.4.54-lp151.3.3 is installed
  • AND lighttpd is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_gssapi-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_authn_gssapi is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_ldap-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_authn_ldap is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_mysql-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_authn_mysql is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_pam-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_authn_pam is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_sasl-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_authn_sasl is signed with openSUSE key
  • OR
  • lighttpd-mod_cml-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_cml is signed with openSUSE key
  • OR
  • lighttpd-mod_geoip-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_geoip is signed with openSUSE key
  • OR
  • lighttpd-mod_magnet-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_magnet is signed with openSUSE key
  • OR
  • lighttpd-mod_maxminddb-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_maxminddb is signed with openSUSE key
  • OR
  • lighttpd-mod_mysql_vhost-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_mysql_vhost is signed with openSUSE key
  • OR
  • lighttpd-mod_rrdtool-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_rrdtool is signed with openSUSE key
  • OR
  • lighttpd-mod_trigger_b4_dl-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_trigger_b4_dl is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_dbi-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_vhostdb_dbi is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_ldap-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_vhostdb_ldap is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_mysql-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_vhostdb_mysql is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_pgsql-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_vhostdb_pgsql is signed with openSUSE key
  • OR
  • lighttpd-mod_webdav-1.4.54-lp151.3.3 is installed
  • AND lighttpd-mod_webdav is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • lighttpd-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_gssapi-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_ldap-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_mysql-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_pam-1.4.59-2.1 is installed
  • OR lighttpd-mod_authn_sasl-1.4.59-2.1 is installed
  • OR lighttpd-mod_cml-1.4.59-2.1 is installed
  • OR lighttpd-mod_magnet-1.4.59-2.1 is installed
  • OR lighttpd-mod_maxminddb-1.4.59-2.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.59-2.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.59-2.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_dbi-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_ldap-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_mysql-1.4.59-2.1 is installed
  • OR lighttpd-mod_vhostdb_pgsql-1.4.59-2.1 is installed
  • OR lighttpd-mod_webdav-1.4.59-2.1 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND Package Information
  • lighttpd-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_gssapi-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_ldap-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_mysql-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_pam-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_sasl-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_cml-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_geoip-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_magnet-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_maxminddb-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_dbi-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_ldap-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_mysql-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_pgsql-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_webdav-1.4.54-bp151.4.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND
  • lighttpd-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_gssapi-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_ldap-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_mysql-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_pam-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_authn_sasl-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_cml-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_geoip-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_magnet-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_maxminddb-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_dbi-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_ldap-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_mysql-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_vhostdb_pgsql-1.4.54-bp151.4.3.1 is installed
  • OR lighttpd-mod_webdav-1.4.54-bp151.4.3.1 is installed
  • OR Package Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND
  • lighttpd-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_authn_gssapi-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_authn_ldap-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_authn_mysql-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_authn_pam-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_authn_sasl-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_cml-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_geoip-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_magnet-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_maxminddb-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_vhostdb_dbi-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_vhostdb_ldap-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_vhostdb_mysql-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_vhostdb_pgsql-1.4.54-bp150.3.3.1 is installed
  • OR lighttpd-mod_webdav-1.4.54-bp150.3.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND lighttpd is affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND lighttpd is affected
    • BACK