An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4775-1 advisory.

    It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication     method. A remote attacker could use this to inject arbitrary log entries and maybe obtain sensitive     information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2015-3200)

    It was discovered that Lighttpd did not properly sanitized the string used in alias. A remote attacker     could use this to access the content of the directory above the alias and obtain sensitive information.
    (CVE-2018-19052)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2887 advisory.

  - An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is     potential ../ path traversal of a single directory above an alias target, with a specific mod_alias     configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path     does have a trailing '/' character. (CVE-2018-19052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for lighttpd to version 1.4.54 fixes the following issues :

Security issues fixed :

  - CVE-2018-19052: Fixed a path traversal in mod_alias     (boo#1115016).

  - Changed the default TLS configuration of lighttpd for     better security out-of-the-box (boo#1087369).

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.(CVE-2018-19052)

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.50. It is, therefore, affected by the following vulnerabilities according to its release notes:

 - An unspecified potential path traversal in mod_alias

 - An unspecified user-after-free in core

 - An unspecified path traversal in mod_alias

 - An unspecified user-after-free in core

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.50. It is, therefore, affected by the following vulnerabilities according to its release notes:

  - An unspecified potential path traversal in mod_alias

  - An unspecified user-after-free in core

  - An unspecified path traversal in mod_alias

  - An unspecified user-after-free in core

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
183126	Ubuntu 16.04 ESM / 18.04 ESM : Lighttpd vulnerabilities (USN-4775-1)	Nessus	Ubuntu Local Security Checks	high
156818	Debian DLA-2887-1 : lighttpd - LTS security update	Nessus	Debian Local Security Checks	high
130085	openSUSE Security Update : lighttpd (openSUSE-2019-2347)	Nessus	SuSE Local Security Checks	high
127818	Amazon Linux AMI : lighttpd (ALAS-2019-1265)	Nessus	Amazon Linux Local Security Checks	high
112362	lighttpd < 1.4.50 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	high
119607	lighttpd < 1.4.50 Multiple Vulnerabilities	Nessus	Web Servers	high

Detections

Analytics

CVE-2018-19052

high

Tenable Plugins

high

high

high

high

high

high