Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2004-0594
HistoryJul 27, 2004 - 4:00 a.m.

CVE-2004-0594

2004-07-2704:00:00
CWE-367
[email protected]
web.nvd.nist.gov
4

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.613

Percentile

97.8%

JSON

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Affected configurations

NVD
Node
openpkgopenpkgMatch2.0
OR
openpkgopenpkgMatch2.1
OR
avayaconverged_communications_serverMatch2.0
OR
debiandebian_linuxMatch3.0
OR
hphp-uxMatchb.11.00
OR
hphp-uxMatchb.11.11
OR
hphp-uxMatchb.11.22
OR
hphp-uxMatchb.11.23
OR
trustixsecure_linuxMatch1.5
OR
trustixsecure_linuxMatch2.0
OR
trustixsecure_linuxMatch2.1
Node
phpphpRange4.0–4.3.7
OR
phpphpMatch5.0.0beta1
OR
phpphpMatch5.0.0beta2
OR
phpphpMatch5.0.0beta3
OR
phpphpMatch5.0.0beta4
OR
phpphpMatch5.0.0rc1
OR
phpphpMatch5.0.0rc2

References

Related

openvas 14
canvas 1
nessus 13
cvelist 1
freebsd 1
cve 1
osv 2
debian 3
securityvulns 2
slackware 1
gentoo 1
redhat 2
suse 1
openvas
openvas
php -- memory_limit related vulnerability
2008-09-04 00:00:00
php -- memory_limit related vulnerability
2008-09-04 00:00:00
Debian: Security Advisory (DSA-669-1)
2008-01-17 00:00:00
canvas
canvas
Immunity Canvas: PHP_LIMIT
2004-07-27 04:00:00
nessus
nessus
FreeBSD : php -- memory_limit related vulnerability (dd7aa4f1-102f-11d9-8a8a-000c41e2cdad)
2005-07-13 00:00:00
Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2004-202-01)
2005-07-13 00:00:00
Mandrake Linux Security Advisory : php (MDKSA-2004:068)
2004-07-31 00:00:00
cvelist
cvelist
CVE-2004-0594
2004-07-16 04:00:00
freebsd
freebsd
php -- memory_limit related vulnerability
2004-07-07 00:00:00
cve
cve
CVE-2004-0594
2004-07-27 04:00:00
osv
osv
php4 - several vulnerabilities
2004-07-20 00:00:00
php3 - several
2005-02-07 00:00:00
debian
debian
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
securityvulns
securityvulns
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
2004-07-14 00:00:00
US-CERT Technical Cyber Security Alert TA05-136A -- Apple Mac OS X is affected by multiple vulnerabilities
2005-05-17 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.613

Percentile

97.8%

JSON
Related for NVD:CVE-2004-0594
openvas14canvas1nessus13cvelist1freebsd1cve1osv2debian3securityvulns2slackware1gentoo1redhat2suse1