// For flags

CVE-2008-0599

php: buffer overflow in a CGI path translation

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

La función init_request_info en sapi/cgi/cgi_main.c en PHP en versiones anteriores a 5.2.6 no considera correctamente la precedencia del operador cuando calcula la longitud de PATH_TRANSLATED, lo que podrían permitir a atacantes remotos ejecutar código arbitrario a través de una URI manipulada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-02-05 CVE Reserved
  • 2008-05-05 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-10-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-131: Incorrect Calculation of Buffer Size
CAPEC
References (38)
URL Tag Source
http://secunia.com/advisories/30083 Broken Link
http://secunia.com/advisories/30616 Broken Link
http://secunia.com/advisories/30757 Broken Link
http://secunia.com/advisories/30828 Broken Link
http://secunia.com/advisories/31200 Broken Link
http://secunia.com/advisories/31326 Broken Link
http://secunia.com/advisories/32746 Broken Link
http://secunia.com/advisories/35650 Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176 Broken Link
http://www.kb.cert.org/vuls/id/147027 Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/05/02/2 Mailing List
http://www.php.net/ChangeLog-5.php Release Notes
http://www.securityfocus.com/archive/1/492535/100/0/threaded Broken Link
http://www.securityfocus.com/bid/29009 Broken Link
http://www.securitytracker.com/id?1019958 Broken Link
http://www.vupen.com/english/advisories/2008/1412 Broken Link
http://www.vupen.com/english/advisories/2008/1810/references Broken Link
http://www.vupen.com/english/advisories/2008/2268 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/42137 Third Party Advisory
https://issues.rpath.com/browse/RPL-2503 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510 Broken Link
URL Date SRC
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u 2024-08-07
URL Date SRC
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437 2024-02-02
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html 2024-02-02
http://marc.info/?l=bugtraq&m=124654546101607&w=2 2024-02-02
http://marc.info/?l=bugtraq&m=125631037611762&w=2 2024-02-02
http://secunia.com/advisories/30048 2024-02-02
http://secunia.com/advisories/30345 2024-02-02
http://security.gentoo.org/glsa/glsa-200811-05.xml 2024-02-02
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 2024-02-02
http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 2024-02-02
http://www.redhat.com/support/errata/RHSA-2008-0505.html 2024-02-02
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951 2024-02-02
http://www.ubuntu.com/usn/usn-628-1 2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html 2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html 2024-02-02
https://access.redhat.com/security/cve/CVE-2008-0599 2008-07-02
https://bugzilla.redhat.com/show_bug.cgi?id=445003 2008-07-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 < 5.2.6
Search vendor "Php" for product "Php" and version " < 5.2.6"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 8
Search vendor "Fedoraproject" for product "Fedora" and version "8"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 9
Search vendor "Fedoraproject" for product "Fedora" and version "9"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 < 10.5.4
Search vendor "Apple" for product "Mac Os X" and version " < 10.5.4"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X Server
Search vendor "Apple" for product "Mac Os X Server"
 < 10.5.4
Search vendor "Apple" for product "Mac Os X Server" and version " < 10.5.4"
-
Affected