CVE-2007-4727
7.5 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.306 Low
EPSS
Percentile
96.9%
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a “header overflow.”
| CPE | Name | Operator | Version |
|---|---|---|---|
| lighttpd:lighttpd | lighttpd | le | 1.4.15 |
References
fedoranews.org/updates/FEDORA-2007-213.shtml
secunia.com/advisories/26732
secunia.com/advisories/26794
secunia.com/advisories/26824
secunia.com/advisories/26997
secunia.com/advisories/27229
securityreason.com/securityalert/3127
secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/
trac.lighttpd.net/trac/changeset/1986
www.gentoo.org/security/en/glsa/glsa-200709-16.xml
www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
www.novell.com/linux/security/advisories/2007_20_sr.html
www.securityfocus.com/archive/1/479763/100/0/threaded
www.securityfocus.com/bid/25622
www.vupen.com/english/advisories/2007/3110
bugzilla.redhat.com/show_bug.cgi?id=284511
exchange.xforce.ibmcloud.com/vulnerabilities/36526
issues.rpath.com/browse/RPL-1715
Social References
More
Related
7.5 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.306 Low
EPSS
Percentile
96.9%