Description

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

Remediation

References

CVE-2007-3949

Related Vulnerabilities

WordPress Plugin File Manager Remote Code Execution (4.5)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3240)

WordPress Plugin PDF Embedder Security Bypass (4.4)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.12)

WordPress Plugin Catch Import Export Security Bypass (1.8)

Severity

High

Classification

CVE-2007-3949

Tags

Missing Update Known Vulnerabilities