PT-2006-1809 · Php+1 · Php+1

Published 2006-02-18 · Updated 2017-07-20 · CVE-2006-0760

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

lighttpd versions 1.4.8 and earlier

Description

The issue allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization on case-insensitive filesystems. This can be demonstrated by a request for a file with an extension like index.PHP when the configuration only invokes the PHP interpreter for .php names.

Recommendations

For lighttpd versions 1.4.8 and earlier, consider updating the configuration to handle case-insensitive filesystems properly, or restrict access to sensitive files until a proper fix is applied. As a temporary workaround, consider disabling the invocation of the PHP interpreter for files with unexpected capitalization in their extensions.
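
A defender's check for the condition described above, as an added example that is not part of the original advisory: it scans access-log lines for successful requests whose file extension matches a handler-mapped extension only after case folding. The handled-extension set, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: extensions that the server configuration maps to an interpreter.
HANDLED_EXTENSIONS = {".php"}

# Request and status fields of a common/combined-format access-log line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def extension_of(target):
    """Return the extension of the last path segment, query string removed."""
    path = unquote(urlsplit(target).path)
    name = path.rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""

def is_case_variant(ext, handled=HANDLED_EXTENSIONS):
    """True when ext equals a handled extension only after case folding."""
    return ext not in handled and ext.lower() in handled

def find_case_variant_hits(lines, handled=HANDLED_EXTENSIONS):
    """Return (target, status) for 2xx responses to case-variant extensions."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        ext = extension_of(m.group("target"))
        # A 2xx status means the file resolved; a case-sensitive filesystem
        # would normally answer 404 for a name that differs only in case.
        if is_case_variant(ext, handled) and m.group("status").startswith("2"):
            hits.append((m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2006:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [18/Feb/2006:10:00:05 +0000] "GET /index.PHP HTTP/1.1" 200 2048',
    '192.0.2.11 - - [18/Feb/2006:10:00:09 +0000] "GET /inc/db.Php?x=1 HTTP/1.1" 200 733',
    '192.0.2.12 - - [18/Feb/2006:10:00:12 +0000] "GET /missing.PHP HTTP/1.1" 404 345',
    '192.0.2.13 - - [18/Feb/2006:10:00:15 +0000] "GET /logo.PNG HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for target, status in find_case_variant_hits(SAMPLE_LOG):
        print(f"case-variant extension served: {target} -> {status}")
```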

Fix


Related identifiers

CVE-2006-0760

Affected products

Lighttpd
Php