CVE-2007-3949

Published: Jul 24, 2007
Updated: Apr 13, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2007-3949" target="_blank" rel="noopener"> CVE-2007-3949
Severity: High
Exploit:

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

CVSS v2:

No CWE or OWASP classifications available.

Software	From	Fixed in
lighttpd / lighttpd	-	1.4.15.x

Vulnerability Database