Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2004-0594
HistoryJul 27, 2004 - 4:00 a.m.

CVE-2004-0594

2004-07-2704:00:00
CWE-367
[email protected]
web.nvd.nist.gov
49
php
memory_limit
vulnerability
remote code execution
cve-2004-0594
nvd

7.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.613 Medium

EPSS

Percentile

97.8%

JSON

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

References

Related

freebsd 1
canvas 1
openvas 14
nessus 13
debian 3
redhat 2
slackware 1
gentoo 1
securityvulns 2
osv 2
suse 1
freebsd
freebsd
php -- memory_limit related vulnerability
2004-07-07 00:00:00
canvas
canvas
Immunity Canvas: PHP_LIMIT
2004-07-27 04:00:00
openvas
openvas
php -- memory_limit related vulnerability
2008-09-04 00:00:00
php -- memory_limit related vulnerability
2008-09-04 00:00:00
Debian Security Advisory DSA 669-1 (php3)
2008-01-17 00:00:00
nessus
nessus
FreeBSD : php -- memory_limit related vulnerability (dd7aa4f1-102f-11d9-8a8a-000c41e2cdad)
2005-07-13 00:00:00
Debian DSA-669-1 : php3 - several vulnerabilities
2005-02-10 00:00:00
SUSE-SA:2004:021: php4/mod_php4
2004-07-25 00:00:00
debian
debian
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
securityvulns
securityvulns
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
2004-07-14 00:00:00
US-CERT Technical Cyber Security Alert TA05-136A -- Apple Mac OS X is affected by multiple vulnerabilities
2005-05-17 00:00:00
osv
osv
php3 - several
2005-02-07 00:00:00
php4 - several vulnerabilities
2004-07-20 00:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18

7.4 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.613 Medium

EPSS

Percentile

97.8%

JSON
Related for CVE-2004-0594
freebsd1canvas1openvas14nessus13debian3redhat2slackware1gentoo1securityvulns2osv2suse1