Search for vulnerabilities
Vulnerability details: VCID-vt98-mkwp-aaap
Vulnerability ID VCID-vt98-mkwp-aaap
Aliases CVE-2008-1111
Summary mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00867 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00914 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00914 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00914 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00914 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.01346 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.01654 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.01725 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.01725 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
epss 0.01725 https://api.first.org/data/v1/epss?cve=CVE-2008-1111
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=435805
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-1111
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1111.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1111
https://bugs.gentoo.org/show_bug.cgi?id=211956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1111
http://secunia.com/advisories/29209
http://secunia.com/advisories/29235
http://secunia.com/advisories/29268
http://secunia.com/advisories/29275
http://secunia.com/advisories/29318
http://secunia.com/advisories/29622
http://security.gentoo.org/glsa/glsa-200803-10.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/41008
https://issues.rpath.com/browse/RPL-2326
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html
http://trac.lighttpd.net/trac/changeset/2107
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106
http://www.debian.org/security/2008/dsa-1513
http://www.securityfocus.com/archive/1/489465/100/0/threaded
http://www.securityfocus.com/bid/28100
http://www.vupen.com/english/advisories/2008/0763
435805 https://bugzilla.redhat.com/show_bug.cgi?id=435805
469307 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469307
cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
CVE-2008-1111 https://nvd.nist.gov/vuln/detail/CVE-2008-1111
GLSA-200803-10 https://security.gentoo.org/glsa/200803-10
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1111
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.82577
EPSS Score 0.00844
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.