Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-4727
Last Modified: 07 Mar 2011 09:59:05
Published: 12 Sep 2007 03:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4727

Summary

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."

Vulnerable Systems

Application

  • Lighttpd 1.4.15


References

VUPEN - ADV-2007-3110

CONFIRM - http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt

CONFIRM - http://trac.lighttpd.net/trac/changeset/1986

MISC - http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/

SECUNIA - 26732

CONFIRM - https://issues.rpath.com/browse/RPL-1715

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=284511

XF - lighttpd-modfastcgi-code-execution(36526)

BID - 25622

BUGTRAQ - 20070917 FLEA-2007-0054-1 lighttpd

SUSE - SUSE-SR:2007:020

GENTOO - GLSA-200709-16

SREASON - 3127

SECUNIA - 27229

SECUNIA - 26997

SECUNIA - 26824

SECUNIA - 26794

FEDORA - FEDORA-2007-2132


Last Updated: 27 May 2016 10:45:57