← Back to CVEs
CVE-2008-1270
N/ADescription
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
CVE Details
CVSS v3.1 ScoreN/A
Published3/10/2008
Last Modified4/23/2026
Sourcenvd
Honeypot Sightings0
Affected Products
lighttpd:lighttpd
Weaknesses (CWE)
CWE-200
References
http://secunia.com/advisories/29318(cve@mitre.org)
http://secunia.com/advisories/29403(cve@mitre.org)
http://secunia.com/advisories/29622(cve@mitre.org)
http://secunia.com/advisories/29636(cve@mitre.org)
http://security.gentoo.org/glsa/glsa-200804-08.xml(cve@mitre.org)
http://trac.lighttpd.net/trac/ticket/1587(cve@mitre.org)
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106(cve@mitre.org)
http://www.debian.org/security/2008/dsa-1521(cve@mitre.org)
http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germany(cve@mitre.org)
http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt(cve@mitre.org)
http://www.securityfocus.com/archive/1/489465/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/28226(cve@mitre.org)
http://www.vupen.com/english/advisories/2008/0885/references(cve@mitre.org)
https://bugs.gentoo.org/show_bug.cgi?id=212930(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41173(cve@mitre.org)
https://issues.rpath.com/browse/RPL-2344(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29318(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29403(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29622(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29636(af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200804-08.xml(af854a3a-2127-422b-91ae-364da2661108)
http://trac.lighttpd.net/trac/ticket/1587(af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1521(af854a3a-2127-422b-91ae-364da2661108)
http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germany(af854a3a-2127-422b-91ae-364da2661108)
http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/489465/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28226(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0885/references(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.gentoo.org/show_bug.cgi?id=212930(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41173(af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2344(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.