1.9

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

Data is provided by the National Vulnerability Database (NVD)
Lighttpd / Lighttpd, Version <= 1.4.27
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.3.16
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.3
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.4
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.5
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.6
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.7
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.8
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.9
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.10
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.11
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.12
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.13
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.15
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.16
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.18
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.19
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.20
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.21
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.22
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.23
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.24
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.25
   Debian / Debian Linux
Lighttpd / Lighttpd, Version 1.4.26
   Debian / Debian Linux
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.118

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 1.9 | 3.4 | 2.9 | AV:L/AC:M/Au:N/C:N/I:P/A:N