CVE-2008-0599

Severity

99%

Complexity

99%

Confidentiality

165%

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

PHP

First reported 16 years ago

2008-05-05 17:20:00

Last updated 6 years ago

2018-10-15 22:01:00

Affected Software

PHP PHP 5.0.0 Beta1

5.0.0

PHP PHP 5.0.0 Beta2

5.0.0

PHP PHP 5.0.0 Beta3

5.0.0

PHP PHP 5.0.0 Beta4

5.0.0

PHP PHP 5.0.0 RC1

5.0.0

PHP PHP 5.0.0 RC2

5.0.0

PHP PHP 5.0.0 RC3

5.0.0

PHP PHP 5.0.1

5.0.1

PHP PHP 5.0.2

5.0.2

PHP PHP 5.0.3

5.0.3

PHP PHP 5.0.4

5.0.4

PHP PHP 5.0.5

5.0.5

PHP PHP 5.1.0

5.1.0

PHP PHP 5.1.1

5.1.1

PHP PHP 5.1.2

5.1.2

PHP PHP 5.1.3

5.1.3

PHP 5.1.4

5.1.4

PHP PHP 5.1.5

5.1.5

PHP PHP 5.1.6

5.1.6

PHP 5.2.0

5.2.0

PHP 5.2.1

5.2.1

PHP 5.2.2

5.2.2

PHP 5.2.3

5.2.3

PHP 5.2.4

5.2.4

PHP PHP

References

http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u

Exploit

HPSBUX02342

APPLE-SA-2008-07-31

SSRT090085

HPSBUX02465

30048

Vendor Advisory

30083

30345

Vendor Advisory

30616

30757

30828

31200

31326

32746

35650

GLSA-200811-05

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

VU#147027

US Government Resource

MDVSA-2008:127

MDVSA-2008:128

[oss-security] 20080502 CVE Request (PHP)

http://www.php.net/ChangeLog-5.php

RHSA-2008:0505

20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

29009

1019958

SSA:2008-128-01

USN-628-1

ADV-2008-1412

ADV-2008-1810

ADV-2008-2268

php-vector-unspecified(42137)

https://issues.rpath.com/browse/RPL-2503

oval:org.mitre.oval:def:5510

FEDORA-2008-3864

FEDORA-2008-3606

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.