Anders

Name of the Vulnerable Software and Affected Versions: lighttpd versions prior to 1.4.20 Description: The issue allows remote attackers to bypass intended access restrictions due to case-sensitive comparisons on filename components in configuration options when a case-insensitive operating system or filesystem is used. This can be demonstrated by a request for a .PHP file when there is a configuration rule for .php files. Recommendations: For versions prior to 1.4.20, update to version 1.4.20 or later to resolve the issue.