CVE-2008-0599

Published: May 5, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ADV-2008-1412

vdb-entry

x_refsource_VUPEN

20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

mailing-list

x_refsource_BUGTRAQ

FEDORA-2008-3606

vendor-advisory

x_refsource_FEDORA

http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u

x_refsource_CONFIRM

32746

third-party-advisory

x_refsource_SECUNIA

30616

third-party-advisory

x_refsource_SECUNIA

HPSBUX02342

vendor-advisory

x_refsource_HP

HPSBUX02465

vendor-advisory

x_refsource_HP

30083

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2008-07-31

vendor-advisory

x_refsource_APPLE

GLSA-200811-05

vendor-advisory

x_refsource_GENTOO

SSRT090085

vendor-advisory

x_refsource_HP

FEDORA-2008-3864

vendor-advisory

x_refsource_FEDORA

29009

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:5510

vdb-entry

signature

x_refsource_OVAL

30828

third-party-advisory

x_refsource_SECUNIA

MDVSA-2008:128

vendor-advisory

x_refsource_MANDRIVA

ADV-2008-2268

vdb-entry

x_refsource_VUPEN

30345

third-party-advisory

x_refsource_SECUNIA

USN-628-1

vendor-advisory

x_refsource_UBUNTU

SSRT090192

vendor-advisory

x_refsource_HP

php-vector-unspecified(42137)

vdb-entry

x_refsource_XF

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

x_refsource_CONFIRM

[oss-security] 20080502 CVE Request (PHP)

mailing-list

x_refsource_MLIST

http://www.php.net/ChangeLog-5.php

x_refsource_CONFIRM

31200

third-party-advisory

x_refsource_SECUNIA

SSA:2008-128-01

vendor-advisory

x_refsource_SLACKWARE

30757

third-party-advisory

x_refsource_SECUNIA

31326

third-party-advisory

x_refsource_SECUNIA

1019958

vdb-entry

x_refsource_SECTRACK

VU#147027

third-party-advisory

x_refsource_CERT-VN

HPSBUX02431

vendor-advisory

x_refsource_HP

https://issues.rpath.com/browse/RPL-2503

x_refsource_CONFIRM

RHSA-2008:0505

vendor-advisory

x_refsource_REDHAT

SSRT080063

vendor-advisory

x_refsource_HP

ADV-2008-1810

vdb-entry

x_refsource_VUPEN

MDVSA-2008:127

vendor-advisory

x_refsource_MANDRIVA

35650

third-party-advisory

x_refsource_SECUNIA

30048

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-0599

Description

Affected Products

References