CVE-2013-1427

 

  • Severity Score: 1.9 (CVSS v2)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-01-26 CVE Reserved
  • 2013-03-16 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | In (vendor / product / version / other) | Status |
|---|---|---|---|---|---|---|
| Lighttpd | Lighttpd | <= 1.4.27 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.3.16 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.3 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.4 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.5 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.6 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.7 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.8 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.9 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.10 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.11 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.12 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.13 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.15 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.16 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.18 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.19 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.20 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.21 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.22 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.23 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.24 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.25 | - | Affected | Debian / Debian Linux / * / - | Safe |
| Lighttpd | Lighttpd | 1.4.26 | - | Affected | Debian / Debian Linux / * / - | Safe |