Description

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

Remediation

References

CVE-2006-0760

Related Vulnerabilities

WordPress Plugin WP-Footnotes 'admin_panel.php' Multiple Remote Vulnerabilities (2.2)

Angular Inefficient Regular Expression Complexity Vulnerability (CVE-2024-21490)

Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)

Joomla! Core 3.0.x Clickjacking Vulnerability (3.0.0 - 3.0.1)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)

Severity

Low

Classification

CVE-2006-0760

Tags

Missing Update Known Vulnerabilities