CVE-2013-1427

Published: 21/03/2013 Updated: 29/08/2017
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The configuration file for the FastCGI PHP support for lighttpd prior to 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

Vulnerable Product

lighttpd lighttpd 1.4.23

lighttpd lighttpd 1.4.22

lighttpd lighttpd 1.4.15

lighttpd lighttpd 1.4.12

lighttpd lighttpd 1.4.4

lighttpd lighttpd 1.4.3

lighttpd lighttpd

lighttpd lighttpd 1.4.26

lighttpd lighttpd 1.4.19

lighttpd lighttpd 1.4.18

lighttpd lighttpd 1.4.8

lighttpd lighttpd 1.4.7

lighttpd lighttpd 1.4.21

lighttpd lighttpd 1.4.20

lighttpd lighttpd 1.4.13

lighttpd lighttpd 1.4.10

lighttpd lighttpd 1.4.9

lighttpd lighttpd 1.3.16

lighttpd lighttpd 1.4.25

lighttpd lighttpd 1.4.24

lighttpd lighttpd 1.4.11

lighttpd lighttpd 1.4.16

lighttpd lighttpd 1.4.6

lighttpd lighttpd 1.4.5