Loading
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.
Use Lighttpd vendor hub and Lighttpd product page to widen CVE-2006-0760 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2019-11072, CVE-2014-2323 and CVE-2013-4559 for nearby disclosures in the same product family.