Vulnerabilities > CVE-2006-0760 - Information Disclosure vulnerability in lightrpd

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

lighttpd

NVD

Published: 2006-02-18

Updated: 2017-07-20

Summary

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

Vulnerable Configurations

Part	Description	Count
Application	Lighttpd Lighttpd Lighttpd 1.0.2 Lighttpd Lighttpd 1.0.3 Lighttpd Lighttpd 1.1.0 Lighttpd Lighttpd 1.1.1 Lighttpd Lighttpd 1.1.2 Lighttpd Lighttpd 1.1.3 Lighttpd Lighttpd 1.1.4 Lighttpd Lighttpd 1.1.5 Lighttpd Lighttpd 1.1.6 Lighttpd Lighttpd 1.1.7 Lighttpd Lighttpd 1.1.8 Lighttpd Lighttpd 1.1.9 Lighttpd Lighttpd 1.2.0 Lighttpd Lighttpd 1.2.1 Lighttpd Lighttpd 1.2.2 Lighttpd Lighttpd 1.2.3 Lighttpd Lighttpd 1.2.4 Lighttpd Lighttpd 1.2.5 Lighttpd Lighttpd 1.2.6 Lighttpd Lighttpd 1.2.7 Lighttpd Lighttpd 1.2.8 Lighttpd Lighttpd 1.3.0 Lighttpd Lighttpd 1.3.1 Lighttpd Lighttpd 1.3.2 Lighttpd Lighttpd 1.3.3 Lighttpd Lighttpd 1.3.4 Lighttpd Lighttpd 1.3.5 Lighttpd Lighttpd 1.3.6 Lighttpd Lighttpd 1.3.7 Lighttpd Lighttpd 1.3.8 Lighttpd Lighttpd 1.3.9 Lighttpd Lighttpd 1.3.10 Lighttpd Lighttpd 1.3.11 Lighttpd Lighttpd 1.3.12 Lighttpd Lighttpd 1.3.13 Lighttpd Lighttpd 1.3.14 Lighttpd Lighttpd 1.3.15 Lighttpd Lighttpd 1.3.16 Lighttpd Lighttpd 1.4.0 Lighttpd Lighttpd 1.4.1 Lighttpd Lighttpd 1.4.2 Lighttpd Lighttpd 1.4.3 Lighttpd Lighttpd 1.4.4 Lighttpd Lighttpd 1.4.5 Lighttpd Lighttpd 1.4.6 Lighttpd Lighttpd 1.4.7 Lighttpd Lighttpd 1.4.8	47

Summary

Vulnerable Configurations

References