Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.6
CVE Id: CVE-2006-0760
Last Modified: 07 Mar 2011 09:30:46
Published: 17 Feb 2006 09:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2006-0760

Summary

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

Vulnerable Systems

Application

  • Lighttpd 1.0.2

  • Lighttpd 1.0.3

  • Lighttpd 1.1.0

  • Lighttpd 1.1.1

  • Lighttpd 1.1.2

  • Lighttpd 1.1.3

  • Lighttpd 1.1.4

  • Lighttpd 1.1.5

  • Lighttpd 1.1.6

  • Lighttpd 1.1.7

  • Lighttpd 1.1.8

  • Lighttpd 1.1.9

  • Lighttpd 1.2.0

  • Lighttpd 1.2.1

  • Lighttpd 1.2.2

  • Lighttpd 1.2.3

  • Lighttpd 1.2.4

  • Lighttpd 1.2.5

  • Lighttpd 1.2.6

  • Lighttpd 1.2.7

  • Lighttpd 1.2.8

  • Lighttpd 1.3.0

  • Lighttpd 1.3.1

  • Lighttpd 1.3.10

  • Lighttpd 1.3.11

  • Lighttpd 1.3.12

  • Lighttpd 1.3.13

  • Lighttpd 1.3.14

  • Lighttpd 1.3.15

  • Lighttpd 1.3.16

  • Lighttpd 1.3.2

  • Lighttpd 1.3.3

  • Lighttpd 1.3.4

  • Lighttpd 1.3.5

  • Lighttpd 1.3.6

  • Lighttpd 1.3.7

  • Lighttpd 1.3.8

  • Lighttpd 1.3.9

  • Lighttpd 1.4.0

  • Lighttpd 1.4.1

  • Lighttpd 1.4.2

  • Lighttpd 1.4.3

  • Lighttpd 1.4.4

  • Lighttpd 1.4.5

  • Lighttpd 1.4.6

  • Lighttpd 1.4.7

  • Lighttpd 1.4.8


References

SECUNIA - 18869

VUPEN - ADV-2006-0550

CONFIRM - http://lighttpd.net/news/

XF - lighttpd-ext-source-disclosure(24699)

OSVDB - 23229

CONFIRM - http://www.lighttpd.net/news/


Last Updated: 27 May 2016 10:44:52