Description

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

Remediation

References

CVE-2008-4360

Related Vulnerabilities

WordPress Plugin WordPress Calls to Action Multiple Cross-Site Scripting Vulnerabilities (2.5.0)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0185)

Oracle JRE CVE-2012-0500 Vulnerability (CVE-2012-0500)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.7.14)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15696)

Severity

High

Classification

CVE-2008-4360 CWE-200

Tags

Missing Update Known Vulnerabilities