mod_userdir in lighttpd before 1.4.20, when a case...
High severity
Unreviewed
Published
May 2, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Oct 3, 2008
Published to the GitHub Advisory Database
May 2, 2022
Last updated
Jan 31, 2023
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
References