• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Lighttpd Mod_FastCGI Request Headers Remote Header Overflow Vulnerability

Bugtraq ID:	25622
Class:	Boundary Condition Error
CVE:	CVE-2007-4727
Remote:	Yes
Local:	No
Published:	Sep 10 2007 12:00AM
Updated:	Dec 19 2007 04:01PM
Credit:	Mattias Bengtsson <mattias@secweb.se> and Philip Olausson <po@secweb.se> discovered this issue.
Vulnerable:	S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 + Linux kernel 2.6.5 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc rPath rPath Linux 1 RedHat Fedora Core7 0 lighttpd lighttpd 1.4.17 lighttpd lighttpd 1.4.16 lighttpd lighttpd 1.4.15 lighttpd lighttpd 1.4.14 lighttpd lighttpd 1.4.13 lighttpd lighttpd 1.4.12 lighttpd lighttpd 1.4.11 lighttpd lighttpd 1.4.10 lighttpd lighttpd 1.4.10 lighttpd lighttpd 1.4.9 lighttpd lighttpd 1.4.8 lighttpd lighttpd 1.4.7 lighttpd lighttpd 1.4.6 lighttpd lighttpd 1.4.5 lighttpd lighttpd 1.4.4 lighttpd lighttpd 1.4.3 lighttpd lighttpd 1.4.2 lighttpd lighttpd 1.4.1 lighttpd lighttpd 1.4 lighttpd lighttpd 1.3.10 lighttpd lighttpd 1.3.8 lighttpd lighttpd 1.3.7 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:	lighttpd lighttpd 1.4.18