Lucene search

[email protected]CVE-2000-0967

HistoryDec 19, 2000 - 5:00 a.m.

CVE-2000-0967

2000-12-1905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2000-0967

php 3

php 4

remote attackers

commands

error logs

nvd.

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.34 Low

EPSS

Percentile

97.0%

JSON

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

CPENameOperatorVersion
php:phpphpeq3.0
php:phpphpeq4.0

CPE	Name	Operator	Version
php:php	php	eq	3.0
php:php	php	eq	4.0

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc

archives.neohapsis.com/archives/bugtraq/2000-10/0204.html

www.atstake.com/research/advisories/2000/a101200-1.txt

www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt

www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1

www.redhat.com/support/errata/RHSA-2000-088.html

www.redhat.com/support/errata/RHSA-2000-095.html

www.securityfocus.com/bid/1786

exchange.xforce.ibmcloud.com/vulnerabilities/5359

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.34 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2000-0967

nessus2