Intrusion Prevention

Lighttpd.FastCGI.Buffer.Overflow

Description

This indicates an attempt to exploit a header overflow vulnerability in Lighttpd before version 1.4.18.
There is a header overflow vulnerability in Lighttpd that occurs when the application calls the fast_cgi module. It allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length.

Affected Products

Lighttpd 1.x., before version 1.4.18

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Update to version 1.4.18.

CVE References

CVE-2007-4727