lighttpd
Page content
- Author: vmiklos
- Vulnerable: 1.4.16-1terminus1
- Unaffected: 1.4.16-1terminus2
Mattias Bengtsson and Philip Olausson have reported a vulnerability in lighttpd, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the mod_fastcgi extension when handling headers in a HTTP request. This can be exploited to e.g. add or replace PHP headers (e.g. SCRIPT_FILENAME) via a HTTP request containing an overly long header.
- Bug Tracker URL: http://bugs.frugalware.org/task/2410