Vulnerability CVE-2007-4727: Information

Description

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."

Severity: MEDIUM (6.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2007-4727
Published: Sept. 12, 2007
Modified: Oct. 16, 2018
Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/
    http://trac.lighttpd.net/trac/changeset/1986
      http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
        26732
        • Vendor Advisory
        https://bugzilla.redhat.com/show_bug.cgi?id=284511
          https://issues.rpath.com/browse/RPL-1715
            FEDORA-2007-2132
              GLSA-200709-16
                SUSE-SR:2007:020
                  25622
                    26794
                      26824
                        26997
                          27229
                            3127
                              ADV-2007-3110
                                lighttpd-modfastcgi-code-execution(36526)
                                  20070917 FLEA-2007-0054-1 lighttpd

                                      1. Configuration 1

                                        cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
                                        End including
                                        1.4.15
                                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                    Version: v24.5.0
                                    Back to top