• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability

Bugtraq ID:	31600
Class:	Access Validation Error
CVE:	CVE-2008-4360
Remote:	Yes
Local:	No
Published:	Oct 06 2008 12:00AM
Updated:	Jan 12 2010 05:11PM
Credit:	Reported by the vendor
Vulnerable:	S.u.S.E. SLE 11 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 rPath rPath Linux 2 rPath rPath Linux 1 RedHat Fedora 9 0 lighttpd lighttpd 1.4.18 lighttpd lighttpd 1.4.17 lighttpd lighttpd 1.4.16 lighttpd lighttpd 1.4.15 lighttpd lighttpd 1.4.14 lighttpd lighttpd 1.4.13 lighttpd lighttpd 1.4.12 lighttpd lighttpd 1.4.11 lighttpd lighttpd 1.4.10 lighttpd lighttpd 1.4.10 lighttpd lighttpd 1.4.9 lighttpd lighttpd 1.4.8 lighttpd lighttpd 1.4.7 lighttpd lighttpd 1.4.6 lighttpd lighttpd 1.4.5 lighttpd lighttpd 1.4.4 lighttpd lighttpd 1.4.3 lighttpd lighttpd 1.4.2 lighttpd lighttpd 1.4.1 lighttpd lighttpd 1.4 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:	lighttpd lighttpd 1.4.20