Search for vulnerabilities
Vulnerability details: VCID-cxdn-wmgp-aaaf
Vulnerability ID VCID-cxdn-wmgp-aaaf
Aliases CVE-2008-1270
Summary mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02175 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02516 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02516 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.02516 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08424 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08802 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08802 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08802 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.08868 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.10040 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
epss 0.14327 https://api.first.org/data/v1/epss?cve=CVE-2008-1270
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=437037
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-1270
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1270.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1270
https://bugs.gentoo.org/show_bug.cgi?id=212930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1270
http://secunia.com/advisories/29318
http://secunia.com/advisories/29403
http://secunia.com/advisories/29622
http://secunia.com/advisories/29636
http://security.gentoo.org/glsa/glsa-200804-08.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/41173
https://issues.rpath.com/browse/RPL-2344
http://trac.lighttpd.net/trac/ticket/1587
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106
http://www.debian.org/security/2008/dsa-1521
http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germany
http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt
http://www.securityfocus.com/archive/1/489465/100/0/threaded
http://www.securityfocus.com/bid/28226
http://www.vupen.com/english/advisories/2008/0885/references
437037 https://bugzilla.redhat.com/show_bug.cgi?id=437037
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
CVE-2008-1270 https://nvd.nist.gov/vuln/detail/CVE-2008-1270
CVE-2008-1270;OSVDB-43170 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31396.txt
CVE-2008-1270;OSVDB-43170 Exploit https://www.securityfocus.com/bid/28226/info
GLSA-200804-08 https://security.gentoo.org/glsa/200804-08
Data source Exploit-DB
Date added March 12, 2008
Description Lighttpd 1.4.x - mod_userdir Information Disclosure
Ransomware campaign use Known
Source publication date March 12, 2008
Exploit type remote
Platform linux
Source update date Feb. 4, 2014
Source URL https://www.securityfocus.com/bid/28226/info
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1270
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.89656
EPSS Score 0.02175
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.