Description
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Remediation
References
Related Vulnerabilities
Java Unspesificed Vulnerability (CVE-2018-3136)
CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038)
WordPress Plugin WP Live Chat Support Pro Unspecified Vulnerability (8.0.07)
WordPress Plugin WP TripAdvisor Review Slider SQL Injection (10.7)
WordPress 2.6.3 Cross-Site Scripting Vulnerability (0.6.2 - 2.6.3)