Lucene search

K

[email protected]CVE-2011-3189

HistoryAug 25, 2011 - 2:22 p.m.

CVE-2011-3189

2011-08-2514:22:00

CWE-310

[email protected]

web.nvd.nist.gov

44

cve-2011-3189

php 5.3.7

crypt function

authentication bypass

md5 hash

remote attackers

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.0%

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

CPENameOperatorVersion
php:phpphpeq5.3.7

References

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

osvdb.org/74726

secunia.com/advisories/45678

support.apple.com/kb/HT5130

www.openwall.com/lists/oss-security/2011/08/23/4

www.php.net/archive/2011.php#id2011-08-23-1

www.php.net/ChangeLog-5.php#5.3.8

bugs.gentoo.org/show_bug.cgi?id=380261

bugs.php.net/bug.php?id=55439

exchange.xforce.ibmcloud.com/vulnerabilities/69429

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.0%

Related for CVE-2011-3189

prion3 ubuntucve3 openvas79 nessus63 seebug1 securityvulns7 altlinux7 oraclelinux4 redhat3 suse1 veracode1 debian3 amazon2 debiancve1 ubuntu2 centos3 osv2 cve2 freebsd1 slackware1 fedora9 gentoo1