CVE-2018-19052 -- lighttpdID: oval:org.secpod.oval:def:1901505 | Date: (C)2019-04-21 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target filesystem path does have a trailing "/" character.
Platform: |
Ubuntu 16.04 |
Ubuntu 18.10 |
Ubuntu 14.04 |
Ubuntu 18.04 |