CVE-2018-19052

EPSS 58.17% · P98 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-19052

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

lighttpd ‘mod_alias_physical_handler’函数路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

lighttpd是德国软件开发者Jan Kneschke所研发的一款开源的Web服务器，它的主要特点是仅需少量的内存及CPU资源即可达到同类网页服务器的性能。 lighttpd 1.4.50之前的版本中的mod_alias.c文件的‘mod_alias_physical_handler’函数存在路径遍历漏洞。远程攻击者可利用该漏洞访问文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-19052

#	POC Description	Source Link	Shenlong Link
1	PoC for a security: potential path traversal with specific configs, if `mod_dirlisting` were enabled, which is not the default, this would result in listing the contents of the directory above the alias..	https://github.com/iveresk/cve-2018-19052	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-19052

请登录查看更多情报信息。

https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00054.htmlvendor-advisoryx_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2022/01/msg00012.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2018-19052

Same Patch Batch · n/a · 2018-11-07 · 40 CVEs total

CVE-2018-19061		Desdev DedeCMS SQL注入漏洞
CVE-2018-19075		Foscam C2和Opticam i5 安全漏洞
CVE-2018-19076		Foscam C2和Opticam i5 安全漏洞
CVE-2018-19077		Foscam OptiCam i5 安全漏洞
CVE-2018-19078		Foscam OptiCam i5 安全漏洞
CVE-2018-19079		Foscam OptiCam i5 访问控制错误漏洞
CVE-2018-19080		Foscam OptiCam i5 跨站脚本漏洞
CVE-2018-19081		Foscam OptiCam i5 操作系统命令注入漏洞
CVE-2018-19082		Foscam OptiCam i5 缓冲区错误漏洞
CVE-2018-19083		WeCenter ‘htmlspecialchars_decode’函数跨站脚本漏洞
CVE-2018-19074		Foscam C2和Opticam i5 安全漏洞
CVE-2018-19058		Poppler ‘abort()’ 函数输入验证错误漏洞
CVE-2018-19059		Poppler ‘EmbFile::save2’函数安全漏洞
CVE-2018-19060		Poppler 安全漏洞
CVE-2018-19056		Pandao Editor.md 跨站脚本漏洞
CVE-2018-19057		SimpleMDE 跨站脚本漏洞
CVE-2018-19047		mPDF 安全漏洞
CVE-2018-19053		PbootCMS 安全漏洞
CVE-2018-19050		MetInfo 跨站脚本漏洞
CVE-2018-19051		MetInfo 跨站脚本漏洞

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-19052

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-19052

I. Basic Information for CVE-2018-19052

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-19052

III. Intelligence Information for CVE-2018-19052

Same Patch Batch · n/a · 2018-11-07 · 40 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-19052

Leave a comment