Back to search
CVE-2007-4727
Published: Sep 12, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://issues.rpath.com/browse/RPL-1715
x_refsource_CONFIRM
20070917 FLEA-2007-0054-1 lighttpd
mailing-list
x_refsource_BUGTRAQ
FEDORA-2007-2132
vendor-advisory
x_refsource_FEDORA
26732
third-party-advisory
x_refsource_SECUNIA
GLSA-200709-16
vendor-advisory
x_refsource_GENTOO
25622
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=284511
x_refsource_MISC
http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
x_refsource_CONFIRM
lighttpd-modfastcgi-code-execution(36526)
vdb-entry
x_refsource_XF
3127
third-party-advisory
x_refsource_SREASON
26997
third-party-advisory
x_refsource_SECUNIA
http://trac.lighttpd.net/trac/changeset/1986
x_refsource_CONFIRM
26824
third-party-advisory
x_refsource_SECUNIA
ADV-2007-3110
vdb-entry
x_refsource_VUPEN
27229
third-party-advisory
x_refsource_SECUNIA
26794
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2007:020
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now