Vulnerability details: VCID-nt65-46dp-aaap
Vulnerability ID VCID-nt65-46dp-aaap
Aliases CVE-2008-4360
Summary mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
epss 0.01134 https://api.first.org/data/v1/epss?cve=CVE-2008-4360
epss 0.01139 https://api.first.org/data/v1/epss?cve=CVE-2008-4360
epss 0.02315 https://api.first.org/data/v1/epss?cve=CVE-2008-4360
epss 0.05897 https://api.first.org/data/v1/epss?cve=CVE-2008-4360
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=465752
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-4360
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://openwall.com/lists/oss-security/2008/09/30/1
http://openwall.com/lists/oss-security/2008/09/30/2
http://openwall.com/lists/oss-security/2008/09/30/3
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4360.json
https://api.first.org/data/v1/epss?cve=CVE-2008-4360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360
http://secunia.com/advisories/32069
http://secunia.com/advisories/32132
http://secunia.com/advisories/32480
http://secunia.com/advisories/32834
http://secunia.com/advisories/32972
http://security.gentoo.org/glsa/glsa-200812-04.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/45689
http://trac.lighttpd.net/trac/changeset/2283
http://trac.lighttpd.net/trac/changeset/2308
http://trac.lighttpd.net/trac/ticket/1589
http://wiki.rpath.com/Advisories:rPSA-2008-0309
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309
http://www.debian.org/security/2008/dsa-1645
http://www.lighttpd.net/security/lighttpd-1.4.x_userdir_lowercase.patch
http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
http://www.securityfocus.com/archive/1/497932/100/0/threaded
http://www.securityfocus.com/bid/31600
http://www.vupen.com/english/advisories/2008/2741
465752 https://bugzilla.redhat.com/show_bug.cgi?id=465752
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2008-4360 https://nvd.nist.gov/vuln/detail/CVE-2008-4360
GLSA-200812-04 https://security.gentoo.org/glsa/200812-04
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4360
Exploit Prediction Scoring System (EPSS)
Percentile 0.85138
EPSS Score 0.01134
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.