CVE-2008-4360

CVE-2008-4360 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

Learn more about our User Device Pen Test.