CVE-2008-1111 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1111
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1111

Description: mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41008 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html SAID Secunia Advisory: SA29209 Secunia Advisory: SA29268 Secunia Advisory: SA29275 Secunia Advisory: SA29235 Secunia Advisory: SA29318 Secunia Advisory: SA29622 MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106 GENTOO http://security.gentoo.org/glsa/glsa-200803-10.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1513 CONFIRM http://trac.lighttpd.net/trac/changeset/2107 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489465/100/0/threaded BID 28100

Return to the previous page.