2.6

CVE-2006-0760

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LighttpdLighttpd Version1.0.2
LighttpdLighttpd Version1.0.3
LighttpdLighttpd Version1.1.0
LighttpdLighttpd Version1.1.1
LighttpdLighttpd Version1.1.2
LighttpdLighttpd Version1.1.3
LighttpdLighttpd Version1.1.4
LighttpdLighttpd Version1.1.5
LighttpdLighttpd Version1.1.6
LighttpdLighttpd Version1.1.7
LighttpdLighttpd Version1.1.8
LighttpdLighttpd Version1.1.9
LighttpdLighttpd Version1.2.0
LighttpdLighttpd Version1.2.1
LighttpdLighttpd Version1.2.2
LighttpdLighttpd Version1.2.3
LighttpdLighttpd Version1.2.4
LighttpdLighttpd Version1.2.5
LighttpdLighttpd Version1.2.6
LighttpdLighttpd Version1.2.7
LighttpdLighttpd Version1.2.8
LighttpdLighttpd Version1.3.0
LighttpdLighttpd Version1.3.1
LighttpdLighttpd Version1.3.2
LighttpdLighttpd Version1.3.3
LighttpdLighttpd Version1.3.4
LighttpdLighttpd Version1.3.5
LighttpdLighttpd Version1.3.6
LighttpdLighttpd Version1.3.7
LighttpdLighttpd Version1.3.8
LighttpdLighttpd Version1.3.9
LighttpdLighttpd Version1.3.10
LighttpdLighttpd Version1.3.11
LighttpdLighttpd Version1.3.12
LighttpdLighttpd Version1.3.13
LighttpdLighttpd Version1.3.14
LighttpdLighttpd Version1.3.15
LighttpdLighttpd Version1.3.16
LighttpdLighttpd Version1.4.0
LighttpdLighttpd Version1.4.1
LighttpdLighttpd Version1.4.2
LighttpdLighttpd Version1.4.3
LighttpdLighttpd Version1.4.4
LighttpdLighttpd Version1.4.5
LighttpdLighttpd Version1.4.6
LighttpdLighttpd Version1.4.7
LighttpdLighttpd Version1.4.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.24% 0.805
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lighttpd.net/news/
http://secunia.com/advisories/18869
Patch
Vendor Advisory
http://www.lighttpd.net/news/
http://www.osvdb.org/23229
http://www.vupen.com/english/advisories/2006/0550
https://exchange.xforce.ibmcloud.com/vulnerabilities/24699