Information Disclosure in Lighttpd's mod_cgi
CVE-2008-1111

Currently unrated

Key Information:

Vendor: Lighttpd

CVE Published: 4 March 2008

What is CVE-2008-1111?

The mod_cgi module in Lighttpd version 1.4.18 is susceptible to an information disclosure vulnerability. Specifically, when a fork failure occurs during the execution of CGI scripts, the server inadvertently sends the source code of these scripts instead of returning a standard 500 error response. This behavior enables remote attackers to gain access to sensitive information that could lead to further exploitation of the affected server. It is crucial for users of Lighttpd to address this vulnerability promptly to mitigate the risks associated with unauthorized access to confidential data.
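The failure mode described above, as an added example that is not lighttpd's code: a simplified dispatcher in which a CGI handler that declines the request after a failed `fork()` lets a static-file fallback return the script's bytes, beside the fail-closed path that ends the request with a 500. All names, the handler chain and the sample contents are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names throughout; a simplified model, not lighttpd's code. */
enum result { GO_ON, FINISHED };
typedef pid_t (*fork_fn)(void);
struct response { int status; char body[64]; };

/* Stand-in for fork() failing (e.g. EAGAIN under process-limit pressure). */
static pid_t failing_fork(void) { return -1; }

/* Static-file handler: returns the file's bytes verbatim. */
static void serve_static(const char *file, struct response *r) {
    r->status = 200;
    snprintf(r->body, sizeof r->body, "%s", file);
}

/* CGI handler; fail_closed selects the hardened error path. */
static enum result cgi_handler(fork_fn do_fork, int fail_closed, struct response *r) {
    pid_t pid = do_fork();
    if (pid < 0) {
        if (!fail_closed)
            return GO_ON;      /* weak: request stays open for later handlers */
        r->status = 500;       /* hardened: error response, request is finished */
        r->body[0] = '\0';
        return FINISHED;
    }
    if (pid == 0)
        _exit(0);              /* child: stand-in for exec'ing the script */
    waitpid(pid, NULL, 0);
    r->status = 200;
    snprintf(r->body, sizeof r->body, "script output");
    return FINISHED;
}

/* Dispatcher: CGI first, static files as the fallback. Returns HTTP status. */
int handle_request(fork_fn do_fork, int fail_closed, const char *file, struct response *r) {
    memset(r, 0, sizeof *r);
    if (cgi_handler(do_fork, fail_closed, r) == GO_ON)
        serve_static(file, r);
    return r->status;
}

int main(void) {
    struct response r;  /* constructed sample script contents below */
    return handle_request(failing_fork, 1, "#!/bin/sh\n", &r) == 500 ? 0 : 1;
}
```

The property to check in any handler chain is that every error path of the component that owns a resource terminates the request itself rather than handing it to a handler that treats the script as a plain file.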
