Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability Network Vulnerability

Summary

The 'lighttpd' program is prone to a security-bypass vulnerability that occurs in the 'mod_userdir' module. Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information. This may lead to other attacks. Versions prior to 'lighttpd' 1.4.20 are vulnerable.

Solution

The vendor has released lighttpd 1.4.20 to address this issue. Please see the references for more information.

References

http://www.lighttpd.net/
http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
http://www.securityfocus.com/bid/31600

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4360
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

EasyPHP Webserver Multiple Vulnerabilities
mod_python handle abuse
Savant Web Server Remote Buffer Overflow Vulnerability
Mongoose Web Server Remote Buffer Overflow Vulnerability
CERN httpd CGI name heap overflow

Take action and discover your vulnerabilities