Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2005-3389

Опубликовано: 01 нояб. 2005
Источник: nvd
CVSS2: 5
EPSS Средний

Описание

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.10848
Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2005-3389

ubuntu
больше 19 лет назад

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

redhat логотип

CVE-2005-3389

redhat
больше 19 лет назад

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

debian логотип

CVE-2005-3389

debian
больше 19 лет назад

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, whe ...

github логотип

GHSA-7vjg-5rq8-r4h2

github
около 3 лет назад

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

EPSS

Процентиль: 93%
0.10848
Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other