Launchpad CVE tracker

CVE 2008-1111

mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.

Related bugs and status

CVE-2008-1111 (Candidate) is related to these bugs:

Bug #198731: [CVE-2008-1111] Failure to Handle Exceptional Conditions

		In	Importance	Status
198731	[CVE-2008-1111] Failure to Handle Exceptional Conditions	lighttpd (Ubuntu)	Medium	Fix Released
198731	[CVE-2008-1111] Failure to Handle Exceptional Conditions	lighttpd (Ubuntu Dapper)	Medium	Fix Released
198731	[CVE-2008-1111] Failure to Handle Exceptional Conditions	lighttpd (Ubuntu Edgy)	Medium	Fix Released
198731	[CVE-2008-1111] Failure to Handle Exceptional Conditions	lighttpd (Ubuntu Gutsy)	Medium	Fix Released
198731	[CVE-2008-1111] Failure to Handle Exceptional Conditions	lighttpd (Ubuntu Feisty)	Medium	Fix Released
198731	[CVE-2008-1111] Failure to Handle Exceptional Conditions	lighttpd (Ubuntu Hardy)	Medium	Fix Released

Bug #201439: [FFe] lighttpd 1.4.19

Summary				In	Importance	Status
	201439	[FFe] lighttpd 1.4.19		lighttpd (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://trac.lighttpd.n...
CONFIRM: https://bugs.gentoo.or...
DEBIAN: DSA-1513
FEDORA: FEDORA-2008-2262
FEDORA: FEDORA-2008-2278
GENTOO: GLSA-200803-10
BID: 28100
SECUNIA: 29209
SECUNIA: 29268
SECUNIA: 29275
SECUNIA: 29235
MISC: http://wiki.rpath.com/...
MISC: https://issues.rpath.c...
SECUNIA: 29318
SUSE: SUSE-SR:2008:008
SECUNIA: 29622
VUPEN: ADV-2008-0763
XF: lighttpd-modcgi-inform...
BUGTRAQ: 20080312 rPSA-2008-010...

Launchpad.net

CVE 2008-1111

Related bugs and status

Related bugs

References