lighttpd PHP File Trailing Slash Request Source Disclosure

medium Nessus Plugin ID 39006

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The version of lighttpd running on the remote host discloses the source code of files such as PHP scripts when a '/' is appended to a URL corresponding to a symbolic link. This vulnerability occurs only on certain operating systems (FreeBSD, Mac OS X, and Solaris prior to version 10 are known to be affected) and arises because of a bug in the operating system itself in which adding a trailing slash to a symbolic link pointing to a regular file returns the link itself.

Solution

Upgrade to lighttpd version 1.4.23 or later.

See Also

http://redmine.lighttpd.net/issues/1989

http://www.lighttpd.net/2009/6/19/1-4-23-leaving-the-nest/

Plugin Details

Severity: Medium

ID: 39006

File Name: lighttpd_trailing_slash.nasl

Version: 1.23

Type: remote

Family: Web Servers

Published: 6/3/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:lighttpd:lighttpd

Required KB Items: Host/OS

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

BID: 35097