CVE-2018-19052 vulnerability in Lighttpd and Other Products
Published on November 7, 2018

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

Vendor Advisory NVD

Products Associated with CVE-2018-19052

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-19052 are published in these products:

Lighttpd

Suse Linux Enterprise Server

OpenSuse Backports Sle

OpenSuse Leap

Debian Linux

Exploit Probability

EPSS

54.96%

Percentile

98.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-19052 vulnerability in Lighttpd and Other ProductsPublished on November 7, 2018

Products Associated with CVE-2018-19052

Exploit Probability

CVE-2018-19052 vulnerability in Lighttpd and Other Products
Published on November 7, 2018