CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence: High
EPSS
Percentile: 87.9%
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
osvdb.org/36085
secunia.com/advisories/26085
secunia.com/advisories/26642
secunia.com/advisories/27102
secunia.com/advisories/30158
secunia.com/advisories/30288
www.debian.org/security/2008/dsa-1572
www.debian.org/security/2008/dsa-1578
www.exploit-db.com/exploits/4181
www.gentoo.org/security/en/glsa/glsa-200710-02.xml
www.php.net/ChangeLog-5.php#5.2.4
www.php.net/releases/5_2_4.php
www.securityfocus.com/bid/24922
www.securityfocus.com/bid/25498
www.vupen.com/english/advisories/2007/2547
exchange.xforce.ibmcloud.com/vulnerabilities/35437