CVE-2008-4360 (debian_linux, lighttpd)

maltiger

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4360