Description

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."

Remediation

References

CVE-2007-4727

Related Vulnerabilities

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-5301)

Zope Web Application Server Other Vulnerability (CVE-2006-3458)

Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17825)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2007-6750)

Severity

Medium

Classification

CVE-2007-4727 CWE-119

Tags

Missing Update Known Vulnerabilities