Local File Inclusion in lighttpd on Debian GNU/Linux
CVE-2013-1427

Currently unrated

Key Information:

Vendor

Lighttpd

Status
Lighttpd
Vendor
CVE Published:
21 March 2013

What is CVE-2013-1427?

The FastCGI PHP support for lighttpd prior to version 1.4.28 on Debian GNU/Linux contains a vulnerability where the configuration file creates a socket file with a predictable name in the /tmp directory. This predictability allows local users to hijack the PHP control socket, potentially enabling them to execute unauthorized commands. Attackers can leverage this vulnerability through symlink attacks or race conditions to manipulate the PHP environment and impact system behavior.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://osvdb.org/91462
vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/82897
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/58528
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.