CVE-2008-4360
EPSS 1.1%Published: 10/3/2008Modified: 4/28/2026
Description
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
Affected packages (1)
- Debian/lighttpdfrom 0, < 1.4.19-5