Lucene search

[email protected]CVE-2011-3379

HistoryNov 03, 2011 - 3:55 p.m.

CVE-2011-3379

2011-11-0315:55:00

CWE-94

[email protected]

web.nvd.nist.gov

php

5.3.7

5.3.8

vulnerability

is_a function

cve-2011-3379

nvd

remote code execution

pear packages

autoloaders

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.8%

JSON

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

CPENameOperatorVersion
php:phpphpeq5.3.8
php:phpphpeq5.3.7

CPE	Name	Operator	Version
php:php	php	eq	5.3.8
php:php	php	eq	5.3.7

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

securityreason.com/securityalert/8525

svn.php.net/viewvc/?view=revision&revision=317183

www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/

www.securityfocus.com/archive/1/519770/30/0/threaded

bugs.php.net/bug.php?id=55475

bugzilla.redhat.com/show_bug.cgi?id=741020

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.8%

JSON

Related for CVE-2011-3379

openvas13 fedora3 ubuntucve2 nessus9 prion2 securityvulns2 debiancve1 cve1 amazon1 gentoo1