mod_cgi information disclosure
================================

 Description
-------------

When forking the  interpreter failed lighttpd was sending out the
source of the script instead of returning HTTP 500.

This could lead to disclosure of credentials and other sensitive
informations.

mod_cgi is not loaded by default.

 Affected versions
-------------------

all versions before 1.4.19

 Solutions or Workaround
-------------------------

There is no workaround. Upgrade to 1.4.19 or apply
lighttpd-1.4.x_mod_cgi_disclosure.patch

This bug is tracked as CVE-2008-1111.