CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4360

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.3%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2008-4360

Lighttpd » Lighttpd » Version: 1.3.11

cpe:2.3:a:lighttpd:lighttpd:1.3.11
Lighttpd » Lighttpd » Version: 1.3.12

cpe:2.3:a:lighttpd:lighttpd:1.3.12
Lighttpd » Lighttpd » Version: 1.3.13

cpe:2.3:a:lighttpd:lighttpd:1.3.13
Lighttpd » Lighttpd » Version: 1.3.14

cpe:2.3:a:lighttpd:lighttpd:1.3.14
Lighttpd » Lighttpd » Version: 1.3.15

cpe:2.3:a:lighttpd:lighttpd:1.3.15
Lighttpd » Lighttpd » Version: 1.3.16

cpe:2.3:a:lighttpd:lighttpd:1.3.16
Lighttpd » Lighttpd » Version: 1.4.1

cpe:2.3:a:lighttpd:lighttpd:1.4.1
Lighttpd » Lighttpd » Version: 1.4.10

cpe:2.3:a:lighttpd:lighttpd:1.4.10
Lighttpd » Lighttpd » Version: 1.4.11

cpe:2.3:a:lighttpd:lighttpd:1.4.11
Lighttpd » Lighttpd » Version: 1.4.12

cpe:2.3:a:lighttpd:lighttpd:1.4.12
Lighttpd » Lighttpd » Version: 1.4.13

cpe:2.3:a:lighttpd:lighttpd:1.4.13
Lighttpd » Lighttpd » Version: 1.4.14

cpe:2.3:a:lighttpd:lighttpd:1.4.14
Lighttpd » Lighttpd » Version: 1.4.15

cpe:2.3:a:lighttpd:lighttpd:1.4.15
Lighttpd » Lighttpd » Version: 1.4.16

cpe:2.3:a:lighttpd:lighttpd:1.4.16
Lighttpd » Lighttpd » Version: 1.4.17

cpe:2.3:a:lighttpd:lighttpd:1.4.17
Lighttpd » Lighttpd » Version: 1.4.18

cpe:2.3:a:lighttpd:lighttpd:1.4.18
Lighttpd » Lighttpd » Version: 1.4.19

cpe:2.3:a:lighttpd:lighttpd:1.4.19
Lighttpd » Lighttpd » Version: 1.4.2

cpe:2.3:a:lighttpd:lighttpd:1.4.2
Lighttpd » Lighttpd » Version: 1.4.3

cpe:2.3:a:lighttpd:lighttpd:1.4.3
Lighttpd » Lighttpd » Version: 1.4.4

cpe:2.3:a:lighttpd:lighttpd:1.4.4
Lighttpd » Lighttpd » Version: 1.4.5

cpe:2.3:a:lighttpd:lighttpd:1.4.5
Lighttpd » Lighttpd » Version: 1.4.6

cpe:2.3:a:lighttpd:lighttpd:1.4.6
Lighttpd » Lighttpd » Version: 1.4.7

cpe:2.3:a:lighttpd:lighttpd:1.4.7
Lighttpd » Lighttpd » Version: 1.4.8

cpe:2.3:a:lighttpd:lighttpd:1.4.8
Lighttpd » Lighttpd » Version: 1.4.9

cpe:2.3:a:lighttpd:lighttpd:1.4.9
Debian » Debian Linux » Version: 4.0

cpe:2.3:o:debian:debian_linux:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4360

Products

Pricing

Contact Us