Unrated severityNVD Advisory· Published Mar 21, 2013· Updated Apr 29, 2026
CVE-2013-1427
CVE-2013-1427
Description
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
Affected products
24cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*range: <=1.4.27
- cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.26:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.