Lucene search

[email protected]NVD:CVE-2005-3390

HistoryNov 01, 2005 - 12:47 p.m.

CVE-2005-3390

2005-11-0112:47:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.938

Percentile

99.1%

JSON

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a “GLOBALS” fileupload field.

Affected configurations

NVD

Node

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.3patch1

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2dev

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch5.0rc1

phpphpMatch5.0rc2

phpphpMatch5.0rc3

phpphpMatch5.0.0

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

References

itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

rhn.redhat.com/errata/RHSA-2006-0549.html

secunia.com/advisories/17371

secunia.com/advisories/17490

secunia.com/advisories/17510

secunia.com/advisories/17531

secunia.com/advisories/17557

secunia.com/advisories/17559

secunia.com/advisories/18054

secunia.com/advisories/18198

secunia.com/advisories/18669

secunia.com/advisories/21252

secunia.com/advisories/22691

securityreason.com/securityalert/132

securitytracker.com/id?1015129

support.avaya.com/elmodocs2/security/ASA-2006-037.htm

www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html

www.gentoo.org/security/en/glsa/glsa-200511-08.xml

www.hardened-php.net/advisory_202005.79.html

www.hardened-php.net/globals-problem

www.mandriva.com/security/advisories?name=MDKSA-2005:213

www.novell.com/linux/security/advisories/2005_27_sr.html

www.openpkg.org/security/OpenPKG-SA-2005.027-php.html

www.php.net/release_4_4_1.php

www.redhat.com/support/errata/RHSA-2005-831.html

www.redhat.com/support/errata/RHSA-2005-838.html

www.securityfocus.com/archive/1/415290/30/0/threaded

www.securityfocus.com/archive/1/419504/100/0/threaded

www.securityfocus.com/bid/15250

www.vupen.com/english/advisories/2005/2254

www.vupen.com/english/advisories/2006/4320

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537

www.ubuntu.com/usn/usn-232-1/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.938

Percentile

99.1%

JSON

Related for NVD:CVE-2005-3390

cve1 ubuntucve1 cvelist1 checkpoint_advisories2 nessus12 openvas8 redhat2 centos3 suse1 gentoo1 ubuntu1 securityvulns1