4.3

CVE-2011-3189

Exploit
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version5.3.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.21% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130
http://osvdb.org/74726
http://secunia.com/advisories/45678
Vendor Advisory
http://www.openwall.com/lists/oss-security/2011/08/23/4
http://www.php.net/ChangeLog-5.php#5.3.8
http://www.php.net/archive/2011.php#id2011-08-23-1
https://bugs.gentoo.org/show_bug.cgi?id=380261
https://bugs.php.net/bug.php?id=55439
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/69429