Description
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Remediation
References
Related Vulnerabilities
WordPress Plugin Bad Behavior Multiple Cross-Site Scripting Vulnerabilities (2.2.4)
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)
TYPO3 Improper Input Validation Vulnerability (CVE-2011-4902)
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-6975)