What is CVE-2018-19052?

CVE-2018-19052 is a vulnerability in N/a. Published 2018-11-07.

Is CVE-2018-19052 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched al…

EPSS: 0.571 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

iveresk/cve-2018-19052
20142995/nuclei-templates
ARPSyndicate/cvemon
Maribel0370/Nebula-io
cyb3r-w0lf/nuclei-template-collection
fklement/hades
frostworx/revopoint-pop2-linux-info

References

github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 (x_refsource_MISC)
openSUSE-SU-2019:2347 (vendor-advisory, x_refsource_SUSE)
[debian-lts-announce] 20220118 [SECURITY] [DLA 2879-1] lighttpd security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2018-19052?: CVE-2018-19052 is a vulnerability in N/a. Published 2018-11-07.
Is CVE-2018-19052 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.