First published: Tue Mar 04 2008
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
lighttpd | =1.4.18 | |
CVE-2008-1111 has a moderate severity rating due to the potential exposure of sensitive information.
CVE-2008-1111 allows attackers to gain access to the source code of CGI scripts instead of receiving an error message.
CVE-2008-1111 specifically affects lighttpd version 1.4.18.
To mitigate CVE-2008-1111, upgrade lighttpd to a version later than 1.4.18.
If upgrading is not an option, consider rewriting your CGI scripts to handle errors more securely.
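The fork-failure behaviour described above, as an added example that is not lighttpd's code: a simplified model of a CGI handler that fails open on a spawn error, beside one that fails closed with a 500. All names are hypothetical, and the fall-through to a static file handler is an assumption about how such a leak can arise.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical names throughout; a simplified model, not lighttpd's mod_cgi. */
typedef pid_t (*spawn_fn)(void);

enum body_kind { BODY_NONE, BODY_CGI_OUTPUT, BODY_SCRIPT_SOURCE };

struct response { int status; enum body_kind body; };

/* Constructed stand-ins for fork(): one fails as if a process limit
 * was hit, the other pretends a child was created. */
pid_t spawn_fails(void) { return (pid_t)-1; }
pid_t spawn_ok(void)    { return (pid_t)1234; }

/* Next handler in the chain: serves the file on disk as-is. */
static struct response static_file_handler(void) {
    struct response r = { 200, BODY_SCRIPT_SOURCE };
    return r;
}

/* Fail-open: a spawn error is treated as "not handled", so the request
 * falls through to the static handler and the script text is returned. */
struct response cgi_fail_open(spawn_fn spawn) {
    struct response r = { 200, BODY_CGI_OUTPUT };
    if (spawn() < 0)
        return static_file_handler();
    return r;
}

/* Fail-closed: a spawn error ends the request with 500 and no body. */
struct response cgi_fail_closed(spawn_fn spawn) {
    struct response r = { 200, BODY_CGI_OUTPUT };
    if (spawn() < 0) {
        r.status = 500;
        r.body = BODY_NONE;
    }
    return r;
}

int main(void) {
    struct response a = cgi_fail_open(spawn_fails);
    struct response b = cgi_fail_closed(spawn_fails);
    printf("fail-open:   status=%d leaks_source=%d\n",
           a.status, a.body == BODY_SCRIPT_SOURCE);
    printf("fail-closed: status=%d leaks_source=%d\n",
           b.status, b.body == BODY_SCRIPT_SOURCE);
    return 0;
}
```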