exploitDog

CVE-2008-0599

Опубликовано: 01 мая 2008

Источник: redhat

CVSS2: 4.3

Описание

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Отчет

Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, and Red Hat Application Stack v1.

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2008-0599

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=445003php: buffer overflow in a CGI path translation

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2008-0599

CVSS3: 9.8

ubuntu

больше 17 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVE-2008-0599

CVSS3: 9.8

nvd

больше 17 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVE-2008-0599

CVSS3: 9.8

debian

больше 17 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ...

GHSA-m9m5-q9x5-6877

CVSS3: 9.8

github

больше 3 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

4.3 Medium

CVSS2