CVE-2018-19052

HIGH

lighttpd < 1.4.50 - Path Traversal via Alias Configuration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19052. PoCs published by iveresk.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2018-19052, a path traversal vulnerability in Apache's mod_alias module. The exploit demonstrates how an attacker can traverse directories above the intended alias target when specific configurations are in place.

Description

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

Exploits (1)

nomisec WORKING POC 1 stars

by iveresk · poc

https://github.com/iveresk/cve-2018-19052

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2018-19052, a path traversal vulnerability in Apache's mod_alias module. The exploit demonstrates how an attacker can traverse directories above the intended alias target when specific configurations are in place.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Apache HTTP Server with mod_alias

No auth needed

Prerequisites: Apache HTTP Server with mod_alias configured in a specific way (alias does not end in '/', but target filesystem path does) · mod_dirlisting enabled for directory listing

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Vendor Advisory x_refsource_misc

https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00054.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2022/01/msg00012.html

Scores

CVSS v3 7.5

EPSS 0.1408

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (7)

debian/debian_linux 9.0

lighttpd/lighttpd < 1.4.50

opensuse/backports_sle 15.0 (2 CPE variants)

opensuse/leap 15.0

opensuse/leap 15.1

suse/suse_linux_enterprise_server 11 sp3 (2 CPE variants)

suse/suse_linux_enterprise_server 12 (5 CPE variants)

Published Nov 07, 2018

Tracked Since Feb 18, 2026