9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.245 Low
EPSS
Percentile
96.6%
It was discovered that PHP did not properly check the length of the
string parameter to the fnmatch function. An attacker could cause a
denial of service in the PHP interpreter if a script passed untrusted
input to the fnmatch function. (CVE-2007-4782)
Maksymilian Arciemowicz discovered a flaw in the cURL library that
allowed safe_mode and open_basedir restrictions to be bypassed. If a
PHP application were tricked into processing a bad file:// request,
an attacker could read arbitrary files. (CVE-2007-4850)
Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars
functions did not correctly stop when handling partial multibyte
sequences. A remote attacker could exploit this to read certain areas
of memory, possibly gaining access to sensitive information. This
issue affects Ubuntu 8.04 LTS, and an updated fix is included for
Ubuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898)
It was discovered that the output_add_rewrite_var function would
sometimes leak session id information to forms targeting remote URLs.
Malicious remote sites could use this information to gain access to a
PHP application user’s login credentials. This issue only affects
Ubuntu 8.04 LTS. (CVE-2007-5899)
It was discovered that PHP did not properly calculate the length of
PATH_TRANSLATED. If a PHP application were tricked into processing
a malicious URI, and attacker may be able to execute arbitrary code
with application privileges. (CVE-2008-0599)
An integer overflow was discovered in the php_sprintf_appendstring
function. Attackers could exploit this to cause a denial of service.
(CVE-2008-1384)
Andrei Nigmatulin discovered stack-based overflows in the FastCGI SAPI
of PHP. An attacker may be able to leverage this issue to perform
attacks against PHP applications. (CVE-2008-2050)
It was discovered that the escapeshellcmd did not properly process
multibyte characters. An attacker may be able to bypass quoting
restrictions and possibly execute arbitrary code with application
privileges. (CVE-2008-2051)
It was discovered that the GENERATE_SEED macro produced a predictable
seed under certain circumstances. Attackers may by able to easily
predict the results of the rand and mt_rand functions.
(CVE-2008-2107, CVE-2008-2108)
Tavis Ormandy discovered that the PCRE library did not correctly
handle certain in-pattern options. An attacker could cause PHP
applications using pcre to crash, leading to a denial of service.
USN-624-1 fixed vulnerabilities in the pcre3 library. This update
provides the corresponding update for PHP. (CVE-2008-2371)
It was discovered that php_imap used obsolete API calls. If a PHP
application were tricked into processing a malicious IMAP request,
an attacker could cause a denial of service or possibly execute code
with application privileges. (CVE-2008-2829)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | php5-cli | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libapache2-mod-php5 | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-cgi | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-common | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-curl | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-dev | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-gd | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-gmp | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-ldap | < 5.2.4-2ubuntu5.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | php5-mhash | < 5.2.4-2ubuntu5.3 | UNKNOWN |
ubuntu.com/security/CVE-2007-4782
ubuntu.com/security/CVE-2007-4850
ubuntu.com/security/CVE-2007-5898
ubuntu.com/security/CVE-2007-5899
ubuntu.com/security/CVE-2008-0599
ubuntu.com/security/CVE-2008-1384
ubuntu.com/security/CVE-2008-2050
ubuntu.com/security/CVE-2008-2051
ubuntu.com/security/CVE-2008-2107
ubuntu.com/security/CVE-2008-2108
ubuntu.com/security/CVE-2008-2371
ubuntu.com/security/CVE-2008-2829
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.245 Low
EPSS
Percentile
96.6%