CVE - CVE-2008-1111

CVE-ID
CVE-2008-1111	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080312 rPSA-2008-0106-1 lighttpd URL:http://www.securityfocus.com/archive/1/archive/1/489465/100/0/threaded MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106 MISC:https://issues.rpath.com/browse/RPL-2326 CONFIRM:http://trac.lighttpd.net/trac/changeset/2107 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=211956 DEBIAN:DSA-1513 URL:http://www.debian.org/security/2008/dsa-1513 FEDORA:FEDORA-2008-2262 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html FEDORA:FEDORA-2008-2278 URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html GENTOO:GLSA-200803-10 URL:http://security.gentoo.org/glsa/glsa-200803-10.xml SUSE:SUSE-SR:2008:008 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html BID:28100 URL:http://www.securityfocus.com/bid/28100 VUPEN:ADV-2008-0763 URL:http://www.vupen.com/english/advisories/2008/0763 SECUNIA:29209 URL:http://secunia.com/advisories/29209 SECUNIA:29268 URL:http://secunia.com/advisories/29268 SECUNIA:29275 URL:http://secunia.com/advisories/29275 SECUNIA:29235 URL:http://secunia.com/advisories/29235 SECUNIA:29318 URL:http://secunia.com/advisories/29318 SECUNIA:29622 URL:http://secunia.com/advisories/29622 XF:lighttpd-modcgi-information-disclosure(41008) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41008
Assigning CNA
N/A
Date Entry Created
20080302	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080302)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org