Candidate: CVE-2008-4360
PublicDate: 2008-10-03 17:41:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360
Description:
 mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating
 system or filesystem is used, performs case-sensitive comparisons on
 filename components in configuration options, which might allow remote
 attackers to bypass intended access restrictions, as demonstrated by a
 request for a .PHP file when there is a configuration rule for .php files.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_lighttpd:
 debdiff: https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490
upstream_lighttpd: released (1.4.19-5)
dapper_lighttpd: ignored (reached end-of-life)
feisty_lighttpd: needed (reached end-of-life)
gutsy_lighttpd: needed (reached end-of-life)
hardy_lighttpd: released (1.4.19-0ubuntu3.1)
intrepid_lighttpd: not-affected (1.4.19-4ubuntu2)
jaunty_lighttpd: not-affected (1.4.19-4ubuntu2)
karmic_lighttpd: not-affected (1.4.19-4ubuntu2)
devel_lighttpd: not-affected (1.4.19-4ubuntu2)