CVE-2007-4727
published 2007-09-12


Priority: P339
Severity: medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 12.90% (95.8th percentile)
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."

Affected

6 ranges

Vendor   | Product  | Version range                   | Fixed in
---------|----------|---------------------------------|------------------------------
debian   | lighttpd | < lighttpd 1.4.18-1 (bookworm)  | lighttpd 1.4.18-1 (bookworm)
lighttpd | lighttpd | <= 1.4.15                       |
lighttpd | lighttpd | >= 0, < 1.4.18-1                | 1.4.18-1
lighttpd | lighttpd | >= 0, < 1.4.18-1                | 1.4.18-1
lighttpd | lighttpd | >= 0, < 1.4.18-1                | 1.4.18-1
lighttpd | lighttpd | >= 0, < 1.4.18-1                | 1.4.18-1

CVSS provenance

Source        | Version | Score | Severity | Vector
--------------|---------|-------|----------|-------------------------------
nvd           | v2.0    | 6.8   | MEDIUM   | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv           |         | 6.8   | MEDIUM   |
vendor_debian |         | 6.8   | MEDIUM   |