[CVE-2008-1111] Failure to Handle Exceptional Conditions
Bug #198731 reported by Stephan Rügamer
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lighttpd (Ubuntu) | Fix Released | Medium | Stephan Rügamer |
Dapper | Fix Released | Medium | Emanuele Gentili |
Edgy | Fix Released | Medium | Emanuele Gentili |
Feisty | Fix Released | Medium | Emanuele Gentili |
Gutsy | Fix Released | Medium | Emanuele Gentili |
Hardy | Fix Released | Medium | Stephan Rügamer |
Bug Description
Binary package hint: lighttpd
mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source code of CGI scripts instead of a 500 error, which might allow remote attackers to obtain sensitive information.
Fixes are found at: http://
CVE References
Changed in lighttpd:
assignee: nobody → shermann
status: New → Confirmed
Changed in lighttpd:
assignee: nobody → emgent
assignee: nobody → emgent
assignee: nobody → emgent
assignee: nobody → emgent
Changed in lighttpd:
importance: Undecided → Medium
Changed in lighttpd:
status: New → In Progress
status: New → In Progress
status: New → In Progress
status: New → In Progress
lighttpd (1.4.18-1ubuntu5) hardy; urgency=low
* debian/patches/90-CVE-2008-1111.dpatch: trac.lighttpd.net/trac/changeset/2107
- Fixes CVE-2008-1111
"mod_cgi in lighttpd 1.4.18, when a fork failure occurs, sends the source
code of CGI scripts instead of a 500 error, which might allow remote attackers
to obtain sensitive information."
Upstream Patch: http://
-- Stephan Hermann <email address hidden> Wed, 05 Mar 2008 14:04:43 +0100
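
The failure mode described in this bug, as an added example that is not part of the bug report and is not lighttpd's code: a simplified model in which a CGI handler that swallows a fork() failure lets the request fall through to static file serving, shown next to a version that ends the request with a 500. The pipeline, the enum values and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical outcomes of a CGI handler in a simplified request pipeline. */
enum result { HANDLED_BY_CGI, NOT_HANDLED, HTTP_500 };

typedef pid_t (*fork_fn)(void);   /* injectable so a failure can be simulated */

/* Constructed stub: fork() failing the way it does at a process limit. */
pid_t failing_fork(void) { errno = EAGAIN; return -1; }

/* The child stands in for exec'ing the script; the parent reaps it. */
enum result finish(pid_t pid) {
    if (pid == 0) _exit(0);
    waitpid(pid, NULL, 0);
    return HANDLED_BY_CGI;
}

/* Vulnerable shape: the error is swallowed and reported as "not handled". */
enum result cgi_vulnerable(fork_fn do_fork) {
    pid_t pid = do_fork();
    if (pid == -1) return NOT_HANDLED;
    return finish(pid);
}

/* Hardened shape: a failed fork ends the request with a 500. */
enum result cgi_hardened(fork_fn do_fork) {
    pid_t pid = do_fork();
    if (pid == -1) return HTTP_500;
    return finish(pid);
}

/* Assumed next stage: unhandled requests are served as static files,
 * so NOT_HANDLED means the script's source goes to the client. */
int discloses_source(enum result r) { return r == NOT_HANDLED; }

int main(void) {
    printf("fork fails, vulnerable: discloses=%d\n",
           discloses_source(cgi_vulnerable(failing_fork)));
    printf("fork fails, hardened:   discloses=%d\n",
           discloses_source(cgi_hardened(failing_fork)));
    printf("fork works, hardened:   result=%d\n", cgi_hardened(fork));
    return 0;
}
```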