• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Lighttpd Mod_FastCGI Request Headers Remote Header Overflow Vulnerability

Lighttpd is prone to a remote header-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it.

An attacker may exploit this issue to overwrite PHP headers such as 'SCRIPT_FILENAME'. This may allow the attacker to execute to script code, obtain sensitive information, and launch other attacks. Exploiting this issue may also aid in the remote compromise of an affected computer.

Lighttpd 1.4.17 is vulnerable; prior versions may also be affected.