CVE-2008-0599

Published: 01 May 2008
Source: redhat
CVSS2: 4.3
EPSS: Medium

Description

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Report

Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, and Red Hat Application Stack v1.

Source links

Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=445003
php: buffer overflow in a CGI path translation

EPSS

Percentile: 98%
0.51567
Medium

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 17 years ago

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVSS3: 9.8
nvd
about 17 years ago

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVSS3: 9.8
debian
about 17 years ago

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ...

CVSS3: 9.8
github
about 3 years ago

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
