CVE-2007-4727
published 2007-09-12CVE-2007-4727: Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to…
PriorityP339medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
12.90%
95.8th percentile
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lighttpd | < lighttpd 1.4.18-1 (bookworm) | lighttpd 1.4.18-1 (bookworm) |
| lighttpd | lighttpd | <= 1.4.15 | — |
| lighttpd | lighttpd | >= 0 < 1.4.18-1 | 1.4.18-1 |
| lighttpd | lighttpd | >= 0 < 1.4.18-1 | 1.4.18-1 |
| lighttpd | lighttpd | >= 0 < 1.4.18-1 | 1.4.18-1 |
| lighttpd | lighttpd | >= 0 < 1.4.18-1 | 1.4.18-1 |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8fr6-p7rj-wmfr: Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi
ghsa_unreviewed·2022-05-01
CVE-2007-4727 [MEDIUM] CWE-119 GHSA-8fr6-p7rj-wmfr: Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
OSV
CVE-2007-4727: Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi
osv·2007-09-12·CVSS 6.8
CVE-2007-4727 [MEDIUM] CVE-2007-4727: Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Debian
CVE-2007-4727: lighttpd - Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in t...
vendor_debian·2007·CVSS 6.8
CVE-2007-4727 [MEDIUM] CVE-2007-4727: lighttpd - Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in t...
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Scope: local
bookworm: resolved (fixed in 1.4.18-1)
bullseye: resolved (fixed in 1.4.18-1)
forky: resolved (fixed in 1.4.18-1)
sid: resolved (fixed in 1.4.18-1)
trixie: resolved (fixed in 1.4.18-1)
No detection rules found.
No public exploits indexed.
http://fedoranews.org/updates/FEDORA-2007-213.shtmlhttp://secunia.com/advisories/26732http://secunia.com/advisories/26794http://secunia.com/advisories/26824http://secunia.com/advisories/26997http://secunia.com/advisories/27229http://securityreason.com/securityalert/3127http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/http://trac.lighttpd.net/trac/changeset/1986http://www.gentoo.org/security/en/glsa/glsa-200709-16.xmlhttp://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txthttp://www.novell.com/linux/security/advisories/2007_20_sr.htmlhttp://www.securityfocus.com/archive/1/479763/100/0/threadedhttp://www.securityfocus.com/bid/25622http://www.vupen.com/english/advisories/2007/3110https://bugzilla.redhat.com/show_bug.cgi?id=284511https://exchange.xforce.ibmcloud.com/vulnerabilities/36526https://issues.rpath.com/browse/RPL-1715http://fedoranews.org/updates/FEDORA-2007-213.shtmlhttp://secunia.com/advisories/26732http://secunia.com/advisories/26794http://secunia.com/advisories/26824http://secunia.com/advisories/26997http://secunia.com/advisories/27229http://securityreason.com/securityalert/3127http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/http://trac.lighttpd.net/trac/changeset/1986http://www.gentoo.org/security/en/glsa/glsa-200709-16.xmlhttp://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txthttp://www.novell.com/linux/security/advisories/2007_20_sr.htmlhttp://www.securityfocus.com/archive/1/479763/100/0/threadedhttp://www.securityfocus.com/bid/25622http://www.vupen.com/english/advisories/2007/3110https://bugzilla.redhat.com/show_bug.cgi?id=284511https://exchange.xforce.ibmcloud.com/vulnerabilities/36526https://issues.rpath.com/browse/RPL-1715
2007-09-12
Published