CVE ID:	CVE-2007-3949
Description:	mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
Test IDs:	1.3.6.1.4.1.25623.1.0.58581
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3949 Bugtraq: 20070719 rPSA-2007-0145-1 lighttpd (Google Search) http://www.securityfocus.com/archive/1/archive/1/474131/100/0/threaded http://trac.lighttpd.net/trac/changeset/1871 Debian Security Information: DSA-1362 (Google Search) http://www.debian.org/security/2007/dsa-1362 http://security.gentoo.org/glsa/glsa-200708-11.xml SuSE Security Announcement: SUSE-SR:2007:015 (Google Search) http://www.novell.com/linux/security/advisories/2007_15_sr.html BugTraq ID: 24967 http://www.securityfocus.com/bid/24967 http://osvdb.org/38311 http://www.vupen.com/english/advisories/2007/2585 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: