CVE Vulnerabilities

CVE-2008-0599

Published: May 05, 2008 | Modified: Oct 15, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 10 HIGH (AV:N/AC:L/Au:N/C:C/I:C/A:C)
RedHat/V2: 4.3 LOW (AV:N/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V3
Ubuntu

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Affected Software

Name | Vendor | Start Version | End Version
Php | Php | 5.0.0 | 5.0.0
Php | Php | 5.0.1 | 5.0.1
Php | Php | 5.0.2 | 5.0.2
Php | Php | 5.0.3 | 5.0.3
Php | Php | 5.0.4 | 5.0.4
Php | Php | 5.0.5 | 5.0.5
Php | Php | 5.1.0 | 5.1.0
Php | Php | 5.1.1 | 5.1.1
Php | Php | 5.1.2 | 5.1.2
Php | Php | 5.1.3 | 5.1.3
Php | Php | 5.1.4 | 5.1.4
Php | Php | 5.1.5 | 5.1.5
Php | Php | 5.1.6 | 5.1.6
Php | Php | 5.2.0 | 5.2.0
Php | Php | 5.2.1 | 5.2.1
Php | Php | 5.2.2 | 5.2.2
Php | Php | 5.2.3 | 5.2.3
Php | Php | 5.2.4 | 5.2.4
Php | Php | * | 5.2.5
Red Hat Application Stack v2 for Enterprise Linux | RedHat | httpd | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mod_jk | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mod_perl | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql-connector-odbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | mysql-jdbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | perl-DBD-MySQL | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | perl-DBI | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | php | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresqlclient81 | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql-jdbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | postgresql-odbc | *
Red Hat Application Stack v2 for Enterprise Linux | RedHat | unixODBC | *
Php5 | Ubuntu | gutsy | *
Php5 | Ubuntu | hardy | *
Php5 | Ubuntu | upstream | *

References