← back
CVE-2006-0760

CVE-2006-0760

EPSS 2.2%
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lighttpd.net/news/http://secunia.com/advisories/18869https://exchange.xforce.ibmcloud.com/vulnerabilities/24699http://www.lighttpd.net/news/http://www.osvdb.org/23229http://www.vupen.com/english/advisories/2006/0550