1.9

CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

Data provided by the National Vulnerability Database (NVD)
Lighttpd Lighttpd Version <= 1.4.27
   Debian Debian Linux
Lighttpd Lighttpd Version 1.3.16
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.3
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.4
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.5
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.6
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.7
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.8
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.9
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.10
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.11
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.12
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.13
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.15
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.16
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.18
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.19
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.20
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.21
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.22
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.23
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.24
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.25
   Debian Debian Linux
Lighttpd Lighttpd Version 1.4.26
   Debian Debian Linux
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.118
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 1.9 | 3.4 | 2.9 | AV:L/AC:M/Au:N/C:N/I:P/A:N