CVE-2008-1111
lighttpd - information disclosure
EPSS 0.99%
Description
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.
How to fix CVE-2008-1111
To remediate CVE-2008-1111, upgrade the affected package to one of the fixed versions listed below.
- Debian/lighttpd: upgrade to 1.4.18-4 or later
- Debian/lighttpd: upgrade to 1.4.13-4etch5 or later
Is CVE-2008-1111 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/lighttpd: from 0, < 1.4.18-4
- Debian/lighttpd: from 0, < 1.4.13-4etch5