Lucene search
Ubuntu.comUB:CVE-2008-0599HistoryMay 05, 2008 - 12:00 a.m.
CVE-2008-0599
2008-05-0500:00:00
ubuntu.com
ubuntu.com
11
0.245 Low
EPSS
Percentile
96.6%
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6
does not properly consider operator precedence when calculating the length
of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary
code via a crafted URI.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | dapper and feisty have different code that is not affected |
Related
seebug
seebug
PHP 5.2.6修复多个安全漏洞
2008-05-07 00:00:00
openvas
openvas
SLES10: Security update for PHP5
2009-10-13 00:00:00
Slackware Advisory SSA:2008-128-01 php
2012-09-11 00:00:00
HP-UX Update for Apache with PHP HPSBUX02342
2009-05-05 00:00:00
cert
cert
PHP path translation vulnerability
2008-05-06 00:00:00
attackerkb
attackerkb
CVE-2008-0599
2008-05-05 00:00:00
nessus
nessus
PHP 5.x < 5.2.6 Multiple Vulnerabilities
2008-05-02 00:00:00
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 5345)
2008-06-26 00:00:00
Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : php (SSA:2008-128-01)
2008-05-28 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:22:33
prion
prion
Code injection
2008-05-05 17:20:00
cve
cve
CVE-2008-0599
2008-05-05 17:20:00
slackware
slackware
[slackware-security] php
2008-05-08 03:53:08
cvelist
cvelist
CVE-2008-0599
2008-05-05 17:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-06-20 19:09:41
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-07-26 06:03:23
[SECURITY] Fedora 8 Update: php-5.2.6-2.fc8
2008-06-20 19:08:56
redhat
redhat
ubuntu
ubuntu
PHP vulnerabilities
2008-07-23 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2008-11-16 00:00:00