Description
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0600 Vulnerability (CVE-2016-0600)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5267)
WordPress Plugin Simple Photo Gallery SQL Injection (1.7.9)
WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1052)