CVE-2008-4359

N/A Unknown
Published: October 03, 2008 Modified: April 23, 2026

Description

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/32069
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/32132
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/32480
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/32834
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/32972
Source: cve@mitre.org
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-04.xml
Source: cve@mitre.org
Third Party Advisory
http://trac.lighttpd.net/trac/changeset/2278
Source: cve@mitre.org
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/changeset/2307
Source: cve@mitre.org
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/changeset/2309
Source: cve@mitre.org
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/changeset/2310
Source: cve@mitre.org
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/ticket/1720
Source: cve@mitre.org
Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0309
Source: cve@mitre.org
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2008/dsa-1645
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/497932/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31599
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2741
Source: cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45690
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://openwall.com/lists/oss-security/2008/09/30/1
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://openwall.com/lists/oss-security/2008/09/30/2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://openwall.com/lists/oss-security/2008/09/30/3
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://secunia.com/advisories/32069
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32132
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32480
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32834
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32972
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-04.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://trac.lighttpd.net/trac/changeset/2278
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/changeset/2307
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/changeset/2309
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/changeset/2310
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/ticket/1720
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0309
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2008/dsa-1645
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/497932/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31599
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2741
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45690
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

48 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.5%
64th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

debian lighttpd