Lucene search

[email protected]NVD:CVE-2000-0967

HistoryDec 19, 2000 - 5:00 a.m.

CVE-2000-0967

2000-12-1905:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.34

Percentile

97.1%

JSON

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Affected configurations

Nvd

Node

phpphpMatch3.0

phpphpMatch4.0

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc

archives.neohapsis.com/archives/bugtraq/2000-10/0204.html

www.atstake.com/research/advisories/2000/a101200-1.txt

www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt

www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1

www.redhat.com/support/errata/RHSA-2000-088.html

www.redhat.com/support/errata/RHSA-2000-095.html

www.securityfocus.com/bid/1786

exchange.xforce.ibmcloud.com/vulnerabilities/5359

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.34

Percentile

97.1%

JSON

Related for NVD:CVE-2000-0967

nessus2 cvelist1 cve1