Security Advisory

CVE-2006-0760

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-02-18 02:00:00

Last updated 2024-08-07 16:48:55

Assigner mitre

State PUBLISHED

Description

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

← Browse all CVEs View on cve.org ↗