7.5

CVE-2005-3390

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version3.0
PhpPhp Version3.0.1
PhpPhp Version3.0.2
PhpPhp Version3.0.3
PhpPhp Version3.0.4
PhpPhp Version3.0.5
PhpPhp Version3.0.6
PhpPhp Version3.0.7
PhpPhp Version3.0.8
PhpPhp Version3.0.9
PhpPhp Version3.0.10
PhpPhp Version3.0.11
PhpPhp Version3.0.12
PhpPhp Version3.0.13
PhpPhp Version3.0.14
PhpPhp Version3.0.15
PhpPhp Version3.0.16
PhpPhp Version3.0.17
PhpPhp Version3.0.18
PhpPhp Version4.0.0
PhpPhp Version4.0.1
PhpPhp Version4.0.1 Updatepatch1
PhpPhp Version4.0.1 Updatepatch2
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.3 Updatepatch1
PhpPhp Version4.0.4
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.0.7
PhpPhp Version4.0.7 Updaterc1
PhpPhp Version4.0.7 Updaterc2
PhpPhp Version4.0.7 Updaterc3
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2 Editiondev
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version4.3.0
PhpPhp Version4.3.1
PhpPhp Version4.3.2
PhpPhp Version4.3.3
PhpPhp Version4.3.4
PhpPhp Version4.3.5
PhpPhp Version4.3.6
PhpPhp Version4.3.7
PhpPhp Version4.3.8
PhpPhp Version4.3.9
PhpPhp Version4.3.10
PhpPhp Version4.3.11
PhpPhp Version4.4.0
PhpPhp Version5.0 Updaterc1
PhpPhp Version5.0 Updaterc2
PhpPhp Version5.0 Updaterc3
PhpPhp Version5.0.0
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 65.51% 0.992
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/17559
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://secunia.com/advisories/22691
http://www.php.net/release_4_4_1.php
Patch
http://www.vupen.com/english/advisories/2006/4320
http://secunia.com/advisories/17371
Patch
Vendor Advisory
http://secunia.com/advisories/17510
http://secunia.com/advisories/17557
http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
http://www.vupen.com/english/advisories/2005/2254
http://www.novell.com/linux/security/advisories/2005_27_sr.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/21252
http://secunia.com/advisories/18198
https://www.ubuntu.com/usn/usn-232-1/
http://secunia.com/advisories/17490
http://secunia.com/advisories/17531
http://secunia.com/advisories/18669
http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm
http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
http://www.redhat.com/support/errata/RHSA-2005-831.html
http://www.redhat.com/support/errata/RHSA-2005-838.html
http://secunia.com/advisories/18054
http://www.securityfocus.com/archive/1/419504/100/0/threaded
http://securityreason.com/securityalert/132
http://securitytracker.com/id?1015129
http://www.hardened-php.net/advisory_202005.79.html
Vendor Advisory
http://www.hardened-php.net/globals-problem
http://www.securityfocus.com/archive/1/415290/30/0/threaded
http://www.securityfocus.com/bid/15250
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537