Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2008-4360

Published: 03/10/2008 Updated: 29/11/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Lighttpd

Vulnerability Summary

mod_userdir in lighttpd prior to 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote malicious users to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

lighttpd lighttpd

debian debian linux 4.0

References

CWE-200http://www.lighttpd.net/security/lighttpd-1.4.x_userdir_lowercase.patchhttp://openwall.com/lists/oss-security/2008/09/30/1http://openwall.com/lists/oss-security/2008/09/30/3http://trac.lighttpd.net/trac/changeset/2283http://www.lighttpd.net/security/lighttpd_sa_2008_06.txthttp://trac.lighttpd.net/trac/ticket/1589http://openwall.com/lists/oss-security/2008/09/30/2http://trac.lighttpd.net/trac/changeset/2308http://www.debian.org/security/2008/dsa-1645http://www.securityfocus.com/bid/31600http://secunia.com/advisories/32132http://secunia.com/advisories/32069http://wiki.rpath.com/Advisories:rPSA-2008-0309http://secunia.com/advisories/32834http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlhttp://secunia.com/advisories/32972http://security.gentoo.org/glsa/glsa-200812-04.xmlhttp://secunia.com/advisories/32480http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309http://www.vupen.com/english/advisories/2008/2741https://exchange.xforce.ibmcloud.com/vulnerabilities/45689http://www.securityfocus.com/archive/1/497932/100/0/threadedhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook