oss-sec mailing list archives
CVE request: lighttpd mod_cgi script source disclosure
From: Robert Buchholz <rbu () gentoo org>
Date: Mon, 3 Mar 2008 01:10:24 +0100
Hey all, mod_cgi in lighttpd 1.4.18 (and earlier?) will send the source of a cgi script if it fails to fork the cgi handler, instead of an HTTP 500. mod_cgi is disabled by default. See for a patch: http://trac.lighttpd.net/trac/changeset/2107 https://bugs.gentoo.org/show_bug.cgi?id=211956 Please assign a CVE id. Thanks, Robert
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: lighttpd mod_cgi script source disclosure Robert Buchholz (Mar 02)
- Re: CVE request: lighttpd mod_cgi script source disclosure Steven M. Christey (Mar 02)