PT-2007-5883 · Lighttpd · Lighttpd

Lubomir Kundrak · Published 2007-09-12 · Updated 2018-10-15 · CVE-2007-4727

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: lighttpd versions prior to 1.4.18
Description: A buffer overflow in the fcgi_env_add function allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length. This can be achieved by overwriting the SCRIPT_FILENAME variable.
Recommendations: For versions prior to 1.4.18, update to version 1.4.18 or later to resolve the issue.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-4727
DSA-1362-1

Affected Products

Lighttpd