Lighttpd Mod_FastCGI Request Headers Remote Header Overflow Vulnerability

info
discussion
exploit
solution
references

Lighttpd Mod_FastCGI Request Headers Remote Header Overflow Vulnerability

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following exploits demonstrate this issue:

/data/vulnerabilities/exploits/hoagie_lighttpd.c
/data/vulnerabilities/exploits/lighttpd-fastcgi-remote-vulnerability.c