Lighttpd » Lighttpd : Security Vulnerabilities, CVEs, Published In 2008 (Information Leak) CVSS score >= 7
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
Max CVSS
7.5
EPSS Score
1.05%
Published
2008-10-03
Updated
2018-11-29
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Max CVSS
7.5
EPSS Score
1.01%
Published
2008-10-03
Updated
2018-11-29
2 vulnerabilities found