FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- FastCGI header overrun in mod_fastcgi

Affected packages
lighttpd < 1.4.18


VuXML ID 4b673ae7-5f9a-11dc-84dd-000102cc8983
Discovery 2007-09-09
Entry 2007-09-10

lighttpd maintainer reports:

Lighttpd is prone to a header overflow when using the mod_fastcgi extension; this can lead to arbitrary code execution in the fastcgi application. For a detailed description of the bug, see the external reference.

This bug was found by Mattias Bengtsson and Philip Olausson.


CVE Name CVE-2007-4727