Description
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Remediation
References