NVD

Id
1229  
Name
CVE-2008-1270  
Description
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-03  
Published
2008-03-10  
Modified Date
2011-03-07  
Seq
2008-1270  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
7792 1229 CVE-2008-1270 SUSE-SR:2008:008  View
7793 1229 CVE-2008-1270 GLSA-200804-08  View
7794 1229 CVE-2008-1270 http://trac.lighttpd.net/trac/ticket/1587  View
7795 1229 CVE-2008-1270 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106  View
7796 1229 CVE-2008-1270 DSA-1521  View
7797 1229 CVE-2008-1270 http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germany  View
7798 1229 CVE-2008-1270 http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt  View
7799 1229 CVE-2008-1270 20080312 rPSA-2008-0106-1 lighttpd  View
7800 1229 CVE-2008-1270 28226  View
7801 1229 CVE-2008-1270 ADV-2008-0885  View
7802 1229 CVE-2008-1270 lighttpd-moduserdir-information-disclosure(41173)  View
7803 1229 CVE-2008-1270 https://bugs.gentoo.org/show_bug.cgi?id=212930  View
7804 1229 CVE-2008-1270 https://issues.rpath.com/browse/RPL-2344  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
48898 JVNDB-2008-004208 lighttpd の mod_userdir における任意のファイルを読まれる脆弱性 lighttpd の mod_userdir は、userdir.path を設定していない際、$HOME のデフォルトを使用するため、任意のファイルを読まれる脆弱性が存在します。 CVE-2008-1270 31383 CVE-2008-1270 1229 5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004208.html 2008-03-10 2012-09-25 View