Back to search
CVE-2011-3379
Published: Nov 3, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=741020
x_refsource_CONFIRM
HPSBMU02786
vendor-advisory
x_refsource_HP
http://svn.php.net/viewvc/?view=revision&revision=317183
x_refsource_CONFIRM
https://bugs.php.net/bug.php?id=55475
x_refsource_CONFIRM
20110923 Security issue is_a function in PHP 5.3.7+
mailing-list
x_refsource_BUGTRAQ
8525
third-party-advisory
x_refsource_SREASON
SSRT100877
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now