Lucene search

K

MitreCVELIST:CVE-2008-4360

HistoryOct 03, 2008 - 5:18 p.m.

CVE-2008-4360

2008-10-0317:18:00

mitre

www.cve.org

6

AI Score

6.3

Confidence

Low

EPSS

0.01

Percentile

84.1%

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

References

lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

openwall.com/lists/oss-security/2008/09/30/1

openwall.com/lists/oss-security/2008/09/30/2

openwall.com/lists/oss-security/2008/09/30/3

secunia.com/advisories/32069

secunia.com/advisories/32132

secunia.com/advisories/32480

secunia.com/advisories/32834

secunia.com/advisories/32972

security.gentoo.org/glsa/glsa-200812-04.xml

trac.lighttpd.net/trac/changeset/2283

trac.lighttpd.net/trac/changeset/2308

trac.lighttpd.net/trac/ticket/1589

wiki.rpath.com/Advisories:rPSA-2008-0309

wiki.rpath.com/wiki/Advisories:rPSA-2008-0309

www.debian.org/security/2008/dsa-1645

www.lighttpd.net/security/lighttpd-1.4.x_userdir_lowercase.patch

www.lighttpd.net/security/lighttpd_sa_2008_06.txt

www.securityfocus.com/archive/1/497932/100/0/threaded

www.securityfocus.com/bid/31600

www.vupen.com/english/advisories/2008/2741

exchange.xforce.ibmcloud.com/vulnerabilities/45689

AI Score

6.3

Confidence

Low

EPSS

0.01

Percentile

84.1%

Related for CVELIST:CVE-2008-4360

ubuntucve1 nessus9 nvd1 prion1 debiancve1 seebug1 cve1 openvas8 securityvulns2 freebsd1 debian1 fedora1 osv1 gentoo1 ibm1