CVE-2008-4360

描述

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

受影響套件(1)

• Debian/lighttpdfrom 0, < 1.4.19-5

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-4360