CVE-2018-19052

An issue was discovered in modaliasphysicalhandler in modalias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

References

Affected packages

Git / github.com/lighttpd/lighttpd1.4

Affected ranges

Type: GIT
Repo: https://github.com/lighttpd/lighttpd1.4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2105dae0f9d7a964375ce681e53cb165375f84c1

Affected versions

lighttpd-1.*

lighttpd-1.3.11

lighttpd-1.3.12

lighttpd-1.3.13

lighttpd-1.3.14

lighttpd-1.3.15

lighttpd-1.3.16

lighttpd-1.4.1

lighttpd-1.4.2

lighttpd-1.4.25

lighttpd-1.4.26

lighttpd-1.4.27

lighttpd-1.4.28

lighttpd-1.4.29

lighttpd-1.4.3

lighttpd-1.4.30

lighttpd-1.4.31

lighttpd-1.4.32

lighttpd-1.4.33

lighttpd-1.4.34

lighttpd-1.4.35

lighttpd-1.4.36

lighttpd-1.4.36--rc1

lighttpd-1.4.37

lighttpd-1.4.38

lighttpd-1.4.39

lighttpd-1.4.4

lighttpd-1.4.40

lighttpd-1.4.41

lighttpd-1.4.42

lighttpd-1.4.43

lighttpd-1.4.44

lighttpd-1.4.45

lighttpd-1.4.46

lighttpd-1.4.47

lighttpd-1.4.48

lighttpd-1.4.49

lighttpd-1.4.5

lighttpd-1.4.6

lighttpd-1.4.7

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2018-19052-1be13382",
        "target": {
            "file": "src/mod_alias.c",
            "function": "PHYSICALPATH_FUNC"
        },
        "source": "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1",
        "digest": {
            "function_hash": "149042138735570835025939466017948242542",
            "length": 1029.0
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "id": "CVE-2018-19052-387c5170",
        "target": {
            "file": "src/mod_alias.c"
        },
        "source": "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "303192333452448327106390395563064620760",
                "80679466272643474847981161116281953383",
                "208143731090529638039435268477316973998"
            ]
        },
        "signature_type": "Line",
        "deprecated": false
    }
]