9 matches found
Fedora Update for lighttpd FEDORA-2007-2132
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Gentoo Security Advisory GLSA 200710-02 (php)
The remote host is missing updates announced in advisory GLSA 200710-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
FreeBSD Ports: lighttpd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 7 : lighttpd-1.4.18-1.fc7 (2007-2132)
Lighttpd 1.4.17 and earlier is prone to a header overflow when using the modfastcgi extension, this can lead to arbitrary code execution in the fastcgi application. This 1.4.18 update fixes the issue. Note that Tenable Network Security has extracted the preceding description block directly from t...
openSUSE 10 Security Update : lighttpd (lighttpd-4532)
This update fixes a buffer overflow in the fcgienvadd function. Under some circumstances this bug allows remote code execution. CVE-2007-4727 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow
------------------------------------------------------------------------ Debian Security Advisory 1362-2 [email protected] http://www.debian.org/security/ Steve Kemp October 7th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
DSquare Exploit Pack: D2SEC_LIGHTTPD3
Name| d2seclighttpd3 ---|--- CVE| CVE-2007-4727 Exploit Pack| D2ExploitPack Description| Lighttpd ModFastCGI Remote Header Overflow Exploit Notes|...
CVE-2007-4727
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
CVE-2007-4727
Lighttpd is affected by CVE-2007-4727: a buffer overflow in the FastCGI extension (mod_fastcgi) through the fcgi_env_add path in mod_proxy_backend_fastcgi.c when handling overly long HTTP headers. The issue can overwrite CGI variables (notably SCRIPT_FILENAME) and may lead to remote code executio...