Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-4360

Опубликовано: 03 окт. 2008
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
Версия до 1.4.20 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01198
Низкий

7.5 High

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2008-4360

ubuntu
почти 17 лет назад

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

redhat логотип

CVE-2008-4360

redhat
больше 17 лет назад

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

debian логотип

CVE-2008-4360

debian
почти 17 лет назад

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operati ...

github логотип

GHSA-73r4-8h5j-2cjg

github
больше 3 лет назад

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

EPSS

Процентиль: 78%
0.01198
Низкий

7.5 High

CVSS2

Дефекты

CWE-200