5
CVE-2008-3660
- EPSS 3.35%
- Veröffentlicht 15.08.2008 00:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.35% | 0.871 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://secunia.com/advisories/35650
http://secunia.com/advisories/32746
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://secunia.com/advisories/31982
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.securityfocus.com/archive/1/501376/100/0/threaded
http://secunia.com/advisories/35306
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://www.vupen.com/english/advisories/2008/2336
http://bugs.gentoo.org/show_bug.cgi?id=234102
http://secunia.com/advisories/32148
http://www.debian.org/security/2008/dsa-1647
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:024
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.securitytracker.com/id?1020994
https://exchange.xforce.ibmcloud.com/vulnerabilities/44402
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597