Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
lighttpd 不安全临时文件创建漏洞
Vulnerability Description
lighttpd是德国软件开发者Jan Kneschke所研发的一款开源的Web服务器,它的主要特点是仅需少量的内存及CPU资源即可达到同类网页服务器的性能。 基于Debian GNU/Linux平台上的FastCGI PHP支持lighthttpd 1.4.28之前版本中的配置文件中存在漏洞,该漏洞源于在/tmp目录下创建可预测名的套接字文件。通过符号链接或竞争条件,本地攻击者利用该漏洞劫持PHP控制套接字进而执行未授权操作,如强制使用不同版本的PHP。
CVSS Information
N/A
Vulnerability Type
N/A