Description

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

Remediation

References

CVE-2006-0760

Related Vulnerabilities

BeCustom Cross-Site Request Forgery (1.0.5.2)

Oracle JRE CVE-2013-5775 Vulnerability (CVE-2013-5775)

Oracle JRE CVE-2013-2430 Vulnerability (CVE-2013-2430)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.2)

Ruby Numeric Errors Vulnerability (CVE-2008-2662)

Severity

Low

Classification

CVE-2006-0760

Tags

Missing Update Known Vulnerabilities