Published: 27/10/2005 Updated: 30/10/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 250

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x prior to 5.1.0 final and 4.4 prior to 4.4.1 final allows malicious users to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.0.1
php php 4.0.7
php php 4.0.0
php php 4.0.5
php php 4.0.6
php php 4.1.2
php php 4.2.0
php php 4.3.10
php php 4.3.11
php php 4.3.9
php php 4.4.0
php php 5.0
php php 4.0.2
php php 4.2.3
php php 4.2
php php 4.3.4
php php 4.3.5
php php 5.0.2
php php 5.0.3
php php 4.2.1
php php 4.2.2
php php 4.3.2
php php 4.3.3
php php 5.0.0
php php 5.0.1
php php 4.0.3
php php 4.0.4
php php 4.1.0
php php 4.1.1
php php 4.3.0
php php 4.3.1
php php 4.3.6
php php 4.3.7
php php 4.3.8
php php 5.0.4
php php 5.0.5

Eric Romang discovered a local Denial of Service vulnerability in the handling of the ‘sessionsave_path’ parameter in PHP’s Apache 20 module By setting this parameter to an invalid value in an htaccess file, a local user could crash the Apache server (CVE-2005-3319) ...

Debian Bug report logs - #336654 PHP 505 contains unfixed security bugs Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 20:48:02 UTC Severity ...

Debian Bug report logs - #336645 PHP 441 fixes security bugs Package: php4; Maintainer for php4 is (unknown); Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 19:48:02 UTC Severity: grave Tags: security Found in version php4/4:4310-16 Fixed in version php4/4:442-1 Done: Adam Conrad <adconrad ...

Debian Bug report logs - #341368 CVE-2005-3883: Injection of arbitrary values into the To:-header of the md_send_mail() function Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inuti ...

Debian Bug report logs - #336004 CVE-2005-3319: mod_php DoS through sessionsave_path option Package: php4; Maintainer for php4 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Oct 2005 10:48:02 UTC Severity: important Tags: security Found in version php4/4:440-4 Fixed in version php4/4:442 ...

NVD-CWE-Other http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0491.html http://bugs.gentoo.org/show_bug.cgi?id=107602 http://www.securityfocus.com/bid/15177 http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml http://secunia.com/advisories/18198 http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html http://www.securityfocus.com/bid/16907 http://secunia.com/advisories/19064 http://secunia.com/advisories/17510 http://secunia.com/advisories/17557 http://www.osvdb.org/20491 http://secunia.com/advisories/22691 http://docs.info.apple.com/article.html?artnum=303382 http://www.mandriva.com/security/advisories?name=MDKSA-2005:213 http://www.us-cert.gov/cas/techalerts/TA06-062A.html http://securityreason.com/securityalert/525 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 http://www.vupen.com/english/advisories/2006/4320 http://www.vupen.com/english/advisories/2006/0791 http://marc.info/?l=bugtraq&m=113019286208204&w=2 https://www.ubuntu.com/usn/usn-232-1/https://exchange.xforce.ibmcloud.com/vulnerabilities/22844 https://usn.ubuntu.com/232-1/https://nvd.nist.gov

CVE-2005-3319

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect