42 matches found
Lighttpd: Buffer overflow
Background Lighttpd is a lightweight HTTP web server. Description Mattias Bengtsson and Philip Olausson have discovered a buffer overflow vulnerability in the function fcgienvadd in the file modfastcgi.c when processing overly long HTTP headers. Impact A remote attacker could send a specially...
[Full-disclosure] rPSA-2007-0183-1 lighttpd
rPath Security Advisory: 2007-0183-1 Published: 2007-09-14 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote System User Deterministic Unauthorized Access Updated Versions: lighttpd=/conary.rpath.com@rpl:devel//1/1.4.18-0.1-1 References:...
lighttpd buffer overflow
modfastcgi buffer overflow on headers parsing...
DSquare Exploit Pack: D2SEC_LIGHTTPD3
Name| d2seclighttpd3 ---|--- CVE| CVE-2007-4727 Exploit Pack| D2ExploitPack Description| Lighttpd ModFastCGI Remote Header Overflow Exploit Notes|...
CVE-2007-4727
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
CVE-2007-4727
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
Buffer overflow
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
DEBIAN-CVE-2007-4727
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
CVE-2007-4727
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
CVE-2007-4727
Lighttpd is affected by CVE-2007-4727: a buffer overflow in the FastCGI extension (mod_fastcgi) through the fcgi_env_add path in mod_proxy_backend_fastcgi.c when handling overly long HTTP headers. The issue can overwrite CGI variables (notably SCRIPT_FILENAME) and may lead to remote code executio...
CVE-2007-4727
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
CVE-2007-4727
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...
Lighttpd < 1.4.18 mod_fastcgi HTTP Request Header Overflow
Binary data 4206.prm...
lighttpd -- FastCGI header overrun in mod_fastcgi
lighttpd maintainer reports: Lighttpd is prone to a header overflow when using the modfastcgi extension, this can lead to arbitrary code execution in the fastcgi application. For a detailed description of the bug see the external reference. This bug was found by Mattias Bengtsson and Philip Olaus...
Debian DSA-1362-2 : lighttpd - several vulnerabilities
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when modfcgi was enabled. The Common Vulnerabilities and Exposures project identifies the following problems : -...
[SECURITY] [DSA 1362-1] New lighttpd packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1362 [email protected] http://www.debian.org/security/ Steve Kemp August 29th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
Format string
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
CVE-2007-3950
CVE-2007-3950 affects lighttpd 1.4.15 on 32‑bit platforms. The issue is caused by incompatible format specifiers in debugging messages within the modules (mod_scgi, mod_fastcgi, mod_webdav), allowing remote attackers to cause a denial of service (daemon crash). The connected documents indicate th...