Description

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."

Remediation

References

CVE-2007-4727

Related Vulnerabilities

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.7.01)

WordPress Plugin Google Analytics Dashboard Cross-Site Scripting (2.1.1)

Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2012-1170)

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Cross-Site Scripting Vulnerabilities (1.3.8)

Severity

Medium

Classification

CVE-2007-4727 CWE-119

Tags

Missing Update Known Vulnerabilities