Description

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

Remediation

References

CVE-2006-0760

Related Vulnerabilities

Drupal Other Vulnerability (CVE-2006-2260)

WordPress Plugin Ivory Search-WordPress Search Unspecified Vulnerability (5.4.3)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (5.5.0)

MediaWiki Other Vulnerability (CVE-2006-2611)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.18)

Severity

Low

Classification

CVE-2006-0760

Tags

Missing Update Known Vulnerabilities