CVE-2008-3660

Published: 15/08/2008 Updated: 11/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

PHP 4.4.x prior to 4.4.9, and 5.x up to and including 5.2.6, when used as a FastCGI module, allows remote malicious users to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Vulnerable Products

php php 4.4.0
php php 4.4.1
php php 4.4.2
php php 4.4.3
php php 4.4.4
php php 4.4.5
php php 4.4.6
php php 4.4.7
php php 4.4.8
php php 5.2.0
php php 5.2.1
php php 5.2.2
php php 5.2.3
php php 5.2.4
php php 5.2.5
php php 5.2.6

Vendor Advisories

Synopsis: Moderate: php security update. Type/Severity: Security Advisory: Moderate. Topic: Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descriptio ...

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS (CVE-2007-5900) ...

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3658: Buffer overflow in the imageloadfont function allows a denial of service or code execution through a crafted font file. CVE-2008-3659: Buf ...

References

CWE-20
http://bugs.gentoo.org/show_bug.cgi?id=234102
http://www.openwall.com/lists/oss-security/2008/08/08/2
http://www.openwall.com/lists/oss-security/2008/08/13/8
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://www.debian.org/security/2008/dsa-1647
http://www.securitytracker.com/id?1020994
http://secunia.com/advisories/32148
http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.mandriva.com/security/advisories?name=MDVSA-2009:024
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://secunia.com/advisories/31982
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.vupen.com/english/advisories/2008/2336
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://support.apple.com/kb/HT3549
http://secunia.com/advisories/35074
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://www.vupen.com/english/advisories/2009/1297
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
http://secunia.com/advisories/35306
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://secunia.com/advisories/35650
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://secunia.com/advisories/32746
http://security.gentoo.org/glsa/glsa-200811-05.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/44402
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597
http://www.securityfocus.com/archive/1/501376/100/0/threaded
https://access.redhat.com/errata/RHSA-2009:0338
https://usn.ubuntu.com/720-1/
https://nvd.nist.gov