CVE-2013-1427

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.21:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.23:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.24:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.25:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.26:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-03-21 17:55

Updated : 2023-12-10 11:16


NVD link : CVE-2013-1427

Mitre link : CVE-2013-1427

CVE.ORG link : CVE-2013-1427


JSON object : View

Products Affected

debian

  • debian_linux

lighttpd

  • lighttpd
CWE
CWE-310

Cryptographic Issues