Lighttpd < 1.4.18 mod_fastcgi HTTP Request Header Overflow
Medium Nessus Network Monitor Plugin ID 4206
Synopsis: The remote host is vulnerable to a buffer overflow.
Description: The remote host is running Lighttpd, a small web server. This version of Lighttpd is vulnerable to a buffer overflow via the 'mod_fastcgi' module. An attacker exploiting this flaw would only need the ability to send large, malformed requests to the 'mod_fastcgi' module. Successful exploitation would result in the attacker executing arbitrary code.
Solution: Upgrade to 1.4.18 or higher.