File Access Vulnerability in Lighttpd Web Server
CVE-2008-4360

Currently unrated

Key Information:

Vendor: Lighttpd
Status: Lighttpd
Vendor: CVE Published:; 3 October 2008

What is CVE-2008-4360?

An issue exists in Lighttpd's mod_userdir, where it performs case-sensitive comparisons on filename components despite running on a case-insensitive operating system or filesystem. This flaw can enable remote attackers to circumvent intended access controls by exploiting misconfigured rules for file types, such as .php, potentially allowing unauthorized access to sensitive files. The vulnerability emphasizes the importance of proper configuration in web server environments to safeguard against unauthorized intrusions.

References

http://secunia.com/advisories/32069

third-party-advisoryx_refsource_SECUNIA

http://www.lighttpd.net/security/lighttpd-1.4.x_userdir_l...

x_refsource_CONFIRM

http://secunia.com/advisories/32972

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2008
Vulnerability Reserved
Sep 30, 2008