Vulnerability Details : CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
Exploit prediction scoring system (EPSS) score for CVE-2013-1427
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2013-1427
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N | 3.4 | 2.9 | NIST |
CWE ids for CVE-2013-1427
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1427
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82897
  lighttpd /tmp directory symlink CVE-2013-1427 Vulnerability Report
- http://www.securityfocus.com/bid/58528
  lighttpd CVE-2013-1427 Insecure Temporary File Creation Vulnerability
- http://www.debian.org/security/2013/dsa-2649
  Debian -- Security Information -- DSA-2649-1 lighttpd
Products affected by CVE-2013-1427
- cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.20:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.23:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.24:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.21:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.22:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.26:*:*:*:*:*:*:* When used together with: Debian » Debian Linux
- cpe:2.3:a:lighttpd:lighttpd:1.4.25:*:*:*:*:*:*:* When used together with: Debian » Debian Linux