FastCGI header overrun in mod_fastcgi
=======================================

 Description
-------------

Lighttpd is prone to a header overflow when using the mod_fastcgi extension,
this can lead to arbitrary code execution in the fastcgi application.

For a detailed description of the bug see the external reference.

This bug was found by Mattias Bengtsson <mattias@secweb.se> and
Philip Olausson <po@secweb.se>.

External reference:
http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/

 Affected versions
-------------------

all previous versions.

 Solutions or Workaround
-------------------------

upgrade to 1.4.18 or apply
lighttpd-1.4.x_mod_fastcgi_overrun.patch

This bug is tracked as CVE-2007-4727.