Loading
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
Use CWE-119, Lighttpd vendor hub and Lighttpd product page to widen CVE-2007-4727 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2019-11072, CVE-2014-2323 and CVE-2013-4559 for nearby disclosures in the same product family.