lighttpd mod_fastcgi HTTP Request Header Remote Overflow
Severity: Medium
Nessus Plugin ID 26057
Synopsis
The remote web server is affected by a buffer overflow vulnerability.
Description
The remote web server appears to be lighttpd running with the FastCGI module (mod_fastcgi). The version of the FastCGI module on the remote host is affected by a buffer overflow vulnerability. A remote attacker can exploit this by sending a specially crafted request with a long header to add or replace headers passed to PHP, such as SCRIPT_FILENAME, which in turn could result in arbitrary code execution.
Solution
Upgrade to lighttpd version 1.4.18 or later. Alternatively, disable the FastCGI module.