fkie_nvd - fkie_cve-2006-0760

fkie_cve-2006-0760

Vulnerability from fkie_nvd

Published

2006-02-18 02:02

Modified

2025-04-03 01:03

Severity ?

Summary

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

References

URL	Tags
cve@mitre.org	http://lighttpd.net/news/
cve@mitre.org	http://secunia.com/advisories/18869	Patch, Vendor Advisory
cve@mitre.org	http://www.lighttpd.net/news/
cve@mitre.org	http://www.osvdb.org/23229
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0550
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24699
af854a3a-2127-422b-91ae-364da2661108	http://lighttpd.net/news/
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18869	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.lighttpd.net/news/
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/23229
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/0550
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/24699

Impacted products

Vendor	Product	Version
lighttpd	lighttpd	1.0.2
lighttpd	lighttpd	1.0.3
lighttpd	lighttpd	1.1.0
lighttpd	lighttpd	1.1.1
lighttpd	lighttpd	1.1.2
lighttpd	lighttpd	1.1.3
lighttpd	lighttpd	1.1.4
lighttpd	lighttpd	1.1.5
lighttpd	lighttpd	1.1.6
lighttpd	lighttpd	1.1.7
lighttpd	lighttpd	1.1.8
lighttpd	lighttpd	1.1.9
lighttpd	lighttpd	1.2.0
lighttpd	lighttpd	1.2.1
lighttpd	lighttpd	1.2.2
lighttpd	lighttpd	1.2.3
lighttpd	lighttpd	1.2.4
lighttpd	lighttpd	1.2.5
lighttpd	lighttpd	1.2.6
lighttpd	lighttpd	1.2.7
lighttpd	lighttpd	1.2.8
lighttpd	lighttpd	1.3.0
lighttpd	lighttpd	1.3.1
lighttpd	lighttpd	1.3.2
lighttpd	lighttpd	1.3.3
lighttpd	lighttpd	1.3.4
lighttpd	lighttpd	1.3.5
lighttpd	lighttpd	1.3.6
lighttpd	lighttpd	1.3.7
lighttpd	lighttpd	1.3.8
lighttpd	lighttpd	1.3.9
lighttpd	lighttpd	1.3.10
lighttpd	lighttpd	1.3.11
lighttpd	lighttpd	1.3.12
lighttpd	lighttpd	1.3.13
lighttpd	lighttpd	1.3.14
lighttpd	lighttpd	1.3.15
lighttpd	lighttpd	1.3.16
lighttpd	lighttpd	1.4.0
lighttpd	lighttpd	1.4.1
lighttpd	lighttpd	1.4.2
lighttpd	lighttpd	1.4.3
lighttpd	lighttpd	1.4.4
lighttpd	lighttpd	1.4.5
lighttpd	lighttpd	1.4.6
lighttpd	lighttpd	1.4.7
lighttpd	lighttpd	1.4.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DE19FF-DAA2-4FFC-9392-6CE1B0B5DF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57FABC2C-E678-45E8-9FB3-3026D55D26F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0332C2-9720-4329-A379-5B7048034B3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2549EBF-E4B6-4574-BCD8-9DB5F195C9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B29F5471-E2A9-421D-A1B5-F0B1444CA9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F44FDF24-03A1-43F3-9D9E-F744F0A1AC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B990A8-B28C-4A4C-89AB-50C754EF6491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C0A9A3-E628-4AA8-8676-81A8528CC174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8119BEB6-5CBC-4279-9BDE-53ADF1A55F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "211959AC-B76B-4E87-8A08-7789B47F823E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10DF110-D68E-448F-8BEE-39E0B569596D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4B7EDE-CA57-4FB2-8306-924FC8BD9C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A2745B-661B-489A-9140-FD63F668161A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "769931EC-F36A-4F72-A836-85B65CA815C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4FE8C27-6822-4AA2-AB80-D29871C74DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB702A9-C175-477C-B4C7-30AF7DB26165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08784A81-A00C-4FBD-9A79-35D139FA3079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "957A7575-FCAB-4C6B-93C8-C9065B412D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE481AA-EF32-47AD-846A-FEDE38637680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC56FD6-481A-4D60-BAF3-C988AA2395D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C691300-EA97-4F67-9C27-3C44FE22E283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D09EDA-6E8F-4535-98ED-D972940E2E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E384FD34-327C-40E7-9043-67BC69E6A52B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B922D725-F31A-453B-B396-6C7FE0D4844B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61C0DE-BAEB-4D65-91EA-D34BA0BEFC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C395148E-BF0E-4C27-B903-444238736B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C001488-5A41-45F8-A270-C184728C1614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA6EA41-CE55-4854-A5FA-4A49D1A648BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7FE9EF8-936E-4351-B512-02B181C4DF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "16152422-AE34-4970-95B5-440CE8821A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D34AB8-5DDD-421F-9C9D-65B6B10EDC7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "53143B04-BB2D-4C40-83B1-8BF8BC6547E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "589775AF-21DF-4E41-BFE6-41E4FAAB0F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35D1709-6B2C-4F22-9948-F69F88F9156A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4949447-0590-4F76-A00E-1EB94FB7621F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF5B9E9-8BB5-42A6-AF87-5CEE31D2EDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "518A4727-ECB7-41C4-8DF5-5375BA5281C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "17207B51-0E7F-4AD2-8AC4-5A5CDC5CDEE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FC99E1-57D4-4B12-BA26-090142B7CBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21E0FB64-62A3-4875-AFF1-CF4D1E7BA0D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "068AD0FA-306D-4C29-857C-21C6067287E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1125A525-36BA-43E1-A316-6BB33DCEC672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E488CF-A3F1-4C8B-A92A-8764FA1E6032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DEAF46-95C2-4187-AF5A-FB8CB2E6FD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0ECA9-5A9F-47CA-B8CA-28C7324EC722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F8F89B-5A10-4EE3-A035-1CEA44B1691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89FCD49-0C73-4E73-9D99-38700B622A06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for \".php\" names."
    }
  ],
  "id": "CVE-2006-0760",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-18T02:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lighttpd.net/news/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18869"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lighttpd.net/news/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/23229"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0550"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lighttpd.net/news/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lighttpd.net/news/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/23229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24699"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2006-0760 (GCVE-0-2006-0760)

Vulnerability from cvelistv5

Published

2006-02-18 02:00