QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-4360

Back to search

CVE-2008-4360

Published: Oct 3, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

VendorProductVersions

n/a

n/a

affected
n/a

References

32069
third-party-advisory
x_refsource_SECUNIA
32972
third-party-advisory
x_refsource_SECUNIA
31600
vdb-entry
x_refsource_BID
32834
third-party-advisory
x_refsource_SECUNIA
32132
third-party-advisory
x_refsource_SECUNIA
20081030 rPSA-2008-0309-1 lighttpd
mailing-list
x_refsource_BUGTRAQ
ADV-2008-2741
vdb-entry
x_refsource_VUPEN
DSA-1645
vendor-advisory
x_refsource_DEBIAN
32480
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:026
vendor-advisory
x_refsource_SUSE
GLSA-200812-04
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now