VYPR
Unrated severityNVD Advisory· Published Oct 3, 2008· Updated Jun 16, 2026

CVE-2008-4360

CVE-2008-4360

Description

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Lighttpd/Lighttpd2 versions
    cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*range: <1.4.20
    • (no CPE)range: <1.4.20
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.