Lighttpd » Lighttpd : Security Vulnerabilities, CVEs, Published In 2008 (Information Leak) CVSS score >= 6

CVE-2008-4360

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
Max CVSS
7.5
EPSS Score
1.05%
Published
2008-10-03
Updated
2018-11-29

CVE-2008-4359

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Max CVSS
7.5
EPSS Score
1.01%
Published
2008-10-03
Updated
2018-11-29
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close