Vulnerability details: VCID-vf8e-g17x-aaac
Vulnerability ID VCID-vf8e-g17x-aaac
Aliases CVE-2008-4359
Summary lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
epss 0.00512 https://api.first.org/data/v1/epss?cve=CVE-2008-4359
epss 0.01051 https://api.first.org/data/v1/epss?cve=CVE-2008-4359
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2008-4359
epss 0.06640 https://api.first.org/data/v1/epss?cve=CVE-2008-4359
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=465751
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-4359
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://openwall.com/lists/oss-security/2008/09/30/1
http://openwall.com/lists/oss-security/2008/09/30/2
http://openwall.com/lists/oss-security/2008/09/30/3
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4359.json
https://api.first.org/data/v1/epss?cve=CVE-2008-4359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359
http://secunia.com/advisories/32069
http://secunia.com/advisories/32132
http://secunia.com/advisories/32480
http://secunia.com/advisories/32834
http://secunia.com/advisories/32972
http://security.gentoo.org/glsa/glsa-200812-04.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/45690
http://trac.lighttpd.net/trac/changeset/2278
http://trac.lighttpd.net/trac/changeset/2307
http://trac.lighttpd.net/trac/changeset/2309
http://trac.lighttpd.net/trac/changeset/2310
http://trac.lighttpd.net/trac/ticket/1720
http://wiki.rpath.com/Advisories:rPSA-2008-0309
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309
http://www.debian.org/security/2008/dsa-1645
http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch
http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
http://www.securityfocus.com/archive/1/497932/100/0/threaded
http://www.securityfocus.com/bid/31599
http://www.vupen.com/english/advisories/2008/2741
465751 https://bugzilla.redhat.com/show_bug.cgi?id=465751
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2008-4359 https://nvd.nist.gov/vuln/detail/CVE-2008-4359
GLSA-200812-04 https://security.gentoo.org/glsa/200812-04
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4359
Exploit Prediction Scoring System (EPSS)
Percentile 0.63769
EPSS Score 0.00512
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.