What is the severity of CVE-2013-1427?

CVE-2013-1427 is classified as a low severity vulnerability that can lead to local PHP control socket hijacking.

How do I fix CVE-2013-1427?

To fix CVE-2013-1427, upgrade the Lighttpd server to version 1.4.28 or later.

What type of vulnerability is CVE-2013-1427?

CVE-2013-1427 is a local privilege escalation vulnerability affecting Lighttpd's FastCGI PHP support.

Can CVE-2013-1427 be exploited remotely?

No, CVE-2013-1427 can only be exploited by local users who have access to the system.

Which versions of Lighttpd are affected by CVE-2013-1427?

CVE-2013-1427 affects Lighttpd versions prior to 1.4.28, including multiple earlier releases.

Vulnerability/
CVE-2013-1427

low

1.9

CWE

310 362

21/3/2013

29/8/2017

CVE-2013-1427: Race Condition

First published: Thu Mar 21 2013(Updated: )

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

Credit: security@debian.org

Affected Software	Affected Version	How to fix
Fipsasp Fipscms Light	<=1.4.27
Fipsasp Fipscms Light	=1.3.16
Fipsasp Fipscms Light	=1.4.3
Fipsasp Fipscms Light	=1.4.4
Fipsasp Fipscms Light	=1.4.5
Fipsasp Fipscms Light	=1.4.6
Fipsasp Fipscms Light	=1.4.7
Fipsasp Fipscms Light	=1.4.8
Fipsasp Fipscms Light	=1.4.9
Fipsasp Fipscms Light	=1.4.10
Fipsasp Fipscms Light	=1.4.11
Fipsasp Fipscms Light	=1.4.12
Fipsasp Fipscms Light	=1.4.13
Fipsasp Fipscms Light	=1.4.15
Fipsasp Fipscms Light	=1.4.16
Fipsasp Fipscms Light	=1.4.18
Fipsasp Fipscms Light	=1.4.19
Fipsasp Fipscms Light	=1.4.20
Fipsasp Fipscms Light	=1.4.21
Fipsasp Fipscms Light	=1.4.22
Fipsasp Fipscms Light	=1.4.23
Fipsasp Fipscms Light	=1.4.24
Fipsasp Fipscms Light	=1.4.25
Fipsasp Fipscms Light	=1.4.26
Debian

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1427?
CVE-2013-1427 is classified as a low severity vulnerability that can lead to local PHP control socket hijacking.
How do I fix CVE-2013-1427?
To fix CVE-2013-1427, upgrade the Lighttpd server to version 1.4.28 or later.
What type of vulnerability is CVE-2013-1427?
CVE-2013-1427 is a local privilege escalation vulnerability affecting Lighttpd's FastCGI PHP support.
Can CVE-2013-1427 be exploited remotely?
No, CVE-2013-1427 can only be exploited by local users who have access to the system.
Which versions of Lighttpd are affected by CVE-2013-1427?
CVE-2013-1427 affects Lighttpd versions prior to 1.4.28, including multiple earlier releases.

agent/first-publish-date
agent/last-modified-date
agent/type
agent/references
agent/weakness
agent/severity
agent/author
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/lighttpd
canonical/fipsasp fipscms light
version/fipsasp fipscms light/1.4.27
version/fipsasp fipscms light/1.3.16
version/fipsasp fipscms light/1.4.3
version/fipsasp fipscms light/1.4.4
version/fipsasp fipscms light/1.4.5
version/fipsasp fipscms light/1.4.6
version/fipsasp fipscms light/1.4.7
version/fipsasp fipscms light/1.4.8
version/fipsasp fipscms light/1.4.9
version/fipsasp fipscms light/1.4.10
version/fipsasp fipscms light/1.4.11
version/fipsasp fipscms light/1.4.12
version/fipsasp fipscms light/1.4.13
version/fipsasp fipscms light/1.4.15
version/fipsasp fipscms light/1.4.16
version/fipsasp fipscms light/1.4.18
version/fipsasp fipscms light/1.4.19
version/fipsasp fipscms light/1.4.20
version/fipsasp fipscms light/1.4.21
version/fipsasp fipscms light/1.4.22
version/fipsasp fipscms light/1.4.23
version/fipsasp fipscms light/1.4.24
version/fipsasp fipscms light/1.4.25
version/fipsasp fipscms light/1.4.26
vendor/debian
canonical/debian