Lucene search

601 matches found

Debian CVE
added 2013/03/21 5:0 p.m., 19 views

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...

CVSS 1.9 | AI score 6.1 | EPSS 0.0004
Exploits: 1

OSV
added 2013/03/15 12:0 a.m., 22 views

DSA-2649-1 lighttpd - fixed socket name in world-writable directory

Bulletin has no description...

CVSS 1.9 | AI score 6.3 | EPSS 0.0004
Exploits: 1

Oracle Linux
added 2013/02/27 12:0 a.m., 61 views

php security, bug fix and enhancement update

5.3.3-22 - php-xml provides php-xmlreader and php-xmlwriter 874987 - fix possible NULL dereference and buffer overflow 879179 - fix zend garbage collector 848186, 868375 5.3.3-21 - fix CVE reference in previous changelog entry 5.3.3-20 - remove reproducer from security fix for CVE-2012-0781 5.3.3-1...

CVSS 10 | AI score 0.1 | EPSS 0.32676
Exploits: 13

Tenable Nessus
added 2013/01/25 12:0 a.m., 28 views

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6777)

This update fixes CVE-2011-1398 / CVE-2011-4388 header injection via CR. This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was...

CVSS 4.3 | AI score 5.4 | EPSS 0.07905
Exploits: 0 | References: 5

Fedora
added 2012/12/18 2:24 a.m., 29 views

[SECURITY] Fedora 16 Update: perl-CGI-3.52-203.fc16

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

CVSS 5 | AI score 0.1 | EPSS 0.0172
Exploits: 0

OpenVAS
added 2012/12/18 12:0 a.m., 26 views

Fedora Update for perl-CGI FEDORA-2012-18330

Check for the Version of perl-CGI OpenVAS Vulnerability Test Fedora Update for perl-CGI FEDORA-2012-18330 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 5 | AI score 9.6 | EPSS 0.0172
Exploits: 0 | References: 2

OpenVAS
added 2012/12/14 12:0 a.m., 24 views

Fedora Update for perl-CGI FEDORA-2012-19282

Check for the Version of perl-CGI OpenVAS Vulnerability Test Fedora Update for perl-CGI FEDORA-2012-19282 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 5 | AI score 9.6 | EPSS 0.0172
Exploits: 0 | References: 2

Fedora
added 2012/12/13 5:55 a.m., 28 views

[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

CVSS 5 | AI score 0.1 | EPSS 0.0172
Exploits: 0

Fedora
added 2012/11/23 7:54 a.m., 36 views

[SECURITY] Fedora 18 Update: perl-CGI-3.51-10.fc18

CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...

CVSS 5 | AI score 0.1 | EPSS 0.0172
Exploits: 0

myhack58
added 2012/09/18 12:0 a.m., 489 views

PHP FastCGI remote exploit-vulnerability warning-the black bar safety net

Speaking of FastCGI, we all know it is currently the most common model for executing dynamic scripts on a web server. Essentially all web scripting languages support this model, and for some (ROR, Python, etc.) it is the only mode. FastCGI's main aim is, the webserv...

Exploits: 0

Tenable Nessus
added 2012/09/07 12:0 a.m., 15 views

SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8264)

This update changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was assigned. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The text...

AI score 5.5
Exploits: 0

Tenable Nessus
added 2012/08/01 12:0 a.m., 38 views

Scientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2008-5557 A flaw was found in the handling...

CVSS 10 | AI score 7.6 | EPSS 0.29698
Exploits: 13 | References: 7

Fedora
added 2012/06/26 12:31 a.m., 39 views

[SECURITY] Fedora 16 Update: lighttpd-1.4.31-1.fc16

Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

CVSS 5 | AI score 4.5 | EPSS 0.04391
Exploits: 8

seebug.org
added 2012/05/04 12:0 a.m., 323 views

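PHP-CGI remote arbitrary code execution vulnerability

CVE ID: CVE-2012-1823 PHP is an HTML-embedded language. PHP is quite similar to Microsoft's ASP: both are scripting languages embedded in HTML documents and executed on the server side, with a style similar to C, and PHP is now widely used by many website developers. It can be invoked by various web servers in multiple ways to provide dynamic web pages. PHP has a vulnerability in how it handles the passing of arguments: under specific configurations, a remote attacker may exploit it to obtain script source code or execute arbitrary commands on the server. When PHP is invoked in a specific CGI mode (for example Apache's mod_cgid), php-cgi receives the processed query-format string as command-line arguments, allowing command-line switches (for example -s, -d...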

CVSS 7.5 | AI score 0.1 | EPSS 0.94363
Exploits: 41

OpenVAS
added 2012/04/02 12:0 a.m., 22 views

Fedora Update for cherokee FEDORA-2011-12657

Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-12657 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.8 | AI score 0.2 | EPSS 0.00592
Exploits: 1 | References: 2

OpenVAS
added 2012/04/02 12:0 a.m., 16 views

Fedora Update for cherokee FEDORA-2011-14622

Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14622 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.8 | AI score 0.2 | EPSS 0.00592
Exploits: 1 | References: 2

Tenable Nessus
added 2012/03/20 12:0 a.m., 22 views

Debian DSA-2436-1 : libapache2-mod-fcgid - inactive resource limits

It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources. %NASLMINLEVEL 70300 (C) Tenable Network Securit...

CVSS 5 | AI score 5.4 | EPSS 0.09726
Exploits: 0 | References: 4

myhack58
added 2012/02/09 12:0 a.m., 14 views

nginx fastcgi configuration mistakes+parsing vulnerability-induced vulnerability-vulnerability warning-the black bar safety net

Many sites now run nginx. The nginx parsing vulnerability from N months ago has by now been fixed almost everywhere; the usual way is to write: if $fastcgi_script_name ../. php return 403; so that a match on /.php returns 403. However, some fastcgi configurations cover more than just .php, and some are even...

AI score 1.3
Exploits: 0

Fedora
added 2011/11/25 1:53 a.m., 11 views

[SECURITY] Fedora 16 Update: cherokee-1.2.101-1.fc16

Cherokee is a very fast, flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more...

CVSS 6.8 | AI score 1 | EPSS 0.00592
Exploits: 1

OpenVAS
added 2011/11/25 12:0 a.m., 20 views

Fedora Update for cherokee FEDORA-2011-14660

Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14660 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 6.8 | AI score 0.1 | EPSS 0.00592
Exploits: 1 | References: 2