CVE-2007-4727
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2007-4727
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-4727.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2007-4727
- Published
- 2007-09-12T19:17:00Z
- Modified
- 2025-04-09T00:30:58Z
- Downstream
- Summary
- [none]
- Details
-
Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
- References
-
- http://secunia.com/advisories/26732
- http://secunia.com/advisories/26794
- http://secunia.com/advisories/26824
- http://secunia.com/advisories/26997
- http://secunia.com/advisories/27229
- http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/
- http://www.novell.com/linux/security/advisories/2007_20_sr.html
- http://www.vupen.com/english/advisories/2007/3110
- https://bugzilla.redhat.com/show_bug.cgi?id=284511
- http://fedoranews.org/updates/FEDORA-2007-213.shtml
- http://securityreason.com/securityalert/3127
- http://trac.lighttpd.net/trac/changeset/1986
- http://www.gentoo.org/security/en/glsa/glsa-200709-16.xml
- http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
- http://www.securityfocus.com/archive/1/479763/100/0/threaded
- http://www.securityfocus.com/bid/25622
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36526
- https://issues.rpath.com/browse/RPL-1715
- https://security-tracker.debian.org/tracker/CVE-2007-4727
Affected packages
Debian:11 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:deb/debian/lighttpd?arch=source
Debian:12 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:deb/debian/lighttpd?arch=source
Debian:13 / lighttpd
Package
- Name
- lighttpd
- Purl
- pkg:deb/debian/lighttpd?arch=source