CVE-2011-1657

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.

Las funciones (1) ZipArchive::addGlob y (2) ZipArchive::addPattern en ext/zip/php_zip.c en PHP v5.3.6 permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de la aplicación) a través de ciertos argumentos bandera, como se demostró por (a) GLOB_ALTDIRFUNC y (b) GLOB_APPEND.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-04-07 CVE Reserved
2011-08-19 CVE Published
2023-09-13 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors

CAPEC

References (14)

URL	Tag	Source
http://securityreason.com/securityalert/8342	Third Party Advisory
http://support.apple.com/kb/HT5130	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2011/07/01/7	Mailing List
http://www.openwall.com/lists/oss-security/2011/07/01/8	Mailing List
http://www.securityfocus.com/archive/1/519385/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/49252	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/69320	Vdb Entry

URL	Date	SRC
http://securityreason.com/achievement_securityalert/100	2024-08-06
https://bugs.php.net/bug.php?id=54681	2024-08-06

URL	Date	SRC
http://svn.php.net/viewvc/?view=revision&revision=310814	2018-10-09
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log	2018-10-09
http://www.openwall.com/lists/oss-security/2011/07/01/6	2018-10-09

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	2018-10-09
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165	2018-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.6 Search vendor "Php" for product "Php" and version "5.3.6"		-		Affected