Lucene search

[email protected]CVE-2017-5677

HistoryFeb 06, 2017 - 6:59 p.m.

CVE-2017-5677

2017-02-0618:59:00

[email protected]

web.nvd.nist.gov

cve-2017-5677

pear

html_ajax

php

object injection

remote code execution

regular expression

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

JSON

PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.

Affected configurations

NVD

Node

pearhtml_ajaxMatch0.3.0

pearhtml_ajaxMatch0.3.1

pearhtml_ajaxMatch0.3.2

pearhtml_ajaxMatch0.3.3

pearhtml_ajaxMatch0.3.4

pearhtml_ajaxMatch0.4.0

pearhtml_ajaxMatch0.4.1

pearhtml_ajaxMatch0.5.0

pearhtml_ajaxMatch0.5.1

pearhtml_ajaxMatch0.5.2

pearhtml_ajaxMatch0.5.3

pearhtml_ajaxMatch0.5.4

pearhtml_ajaxMatch0.5.5

pearhtml_ajaxMatch0.5.6

pearhtml_ajaxMatch0.5.7

CPENameOperatorVersion
pear:html_ajaxpear html ajaxeq0.3.0
pear:html_ajaxpear html ajaxeq0.3.1
pear:html_ajaxpear html ajaxeq0.3.2
pear:html_ajaxpear html ajaxeq0.3.3
pear:html_ajaxpear html ajaxeq0.3.4
pear:html_ajaxpear html ajaxeq0.4.0
pear:html_ajaxpear html ajaxeq0.4.1
pear:html_ajaxpear html ajaxeq0.5.0
pear:html_ajaxpear html ajaxeq0.5.1
pear:html_ajaxpear html ajaxeq0.5.2

CPE	Name	Operator	Version
pear:html_ajax	pear html ajax	eq	0.3.0
pear:html_ajax	pear html ajax	eq	0.3.1
pear:html_ajax	pear html ajax	eq	0.3.2
pear:html_ajax	pear html ajax	eq	0.3.3
pear:html_ajax	pear html ajax	eq	0.3.4
pear:html_ajax	pear html ajax	eq	0.4.0
pear:html_ajax	pear html ajax	eq	0.4.1
pear:html_ajax	pear html ajax	eq	0.5.0
pear:html_ajax	pear html ajax	eq	0.5.1
pear:html_ajax	pear html ajax	eq	0.5.2

Rows per page:

1-10 of 151

References

blog.pear.php.net/2017/02/02/security-html_ajax-058/

karmainsecurity.com/KIS-2017-01

seclists.org/fulldisclosure/2017/Feb/12

www.securityfocus.com/bid/96044

gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646

pear.php.net/bugs/bug.php?id=21165

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.083 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2017-5677

seebug1 zdt1 cvelist1 prion1 nvd1