Description

mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.

Remediation

References

CVE-2008-1111

Related Vulnerabilities

WordPress Plugin Z-URL Preview Cross-Site Scripting (1.6.2)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.59)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37695)

RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2018-1000074)

Severity

Medium

Classification

CVE-2008-1111 CWE-200

Tags

Missing Update Known Vulnerabilities