Published: 15/08/2008 Updated: 11/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

PHP 4.4.x prior to 4.4.9, and 5.x up to and including 5.2.6, when used as a FastCGI module, allows remote malicious users to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.4.0
php php 4.4.1
php php 4.4.8
php php 5.2.0
php php 4.4.2
php php 4.4.3
php php 5.2.1
php php 5.2.2
php php 4.4.4
php php 4.4.5
php php 5.2.3
php php 5.2.4
php php 4.4.6
php php 4.4.7
php php 5.2.5
php php 5.2.6

Synopsis Moderate: php security update Type/Severity Security Advisory: Moderate Topic Updated php packages that fix several security issues are now available forRed Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Descriptio ...

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file A local attacker could create a specially crafted PHP script that would bypass intended security restrictions This issue only applied to Ubuntu 606 LTS, 710, and 804 LTS (CVE-2007-5900) ...

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3658 Buffer overflow in the imageloadfont function allows a denial of service or code execution through a crafted font file CVE-2008-3659 Buf ...

CWE-20 http://bugs.gentoo.org/show_bug.cgi?id=234102 http://www.openwall.com/lists/oss-security/2008/08/08/2 http://www.openwall.com/lists/oss-security/2008/08/13/8 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.debian.org/security/2008/dsa-1647 http://www.securitytracker.com/id?1020994 http://secunia.com/advisories/32148 http://www.mandriva.com/security/advisories?name=MDVSA-2009:021 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.mandriva.com/security/advisories?name=MDVSA-2009:024 http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://secunia.com/advisories/31982 http://wiki.rpath.com/Advisories:rPSA-2009-0035 http://www.vupen.com/english/advisories/2008/2336 http://www.redhat.com/support/errata/RHSA-2009-0350.html http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://support.apple.com/kb/HT3549 http://secunia.com/advisories/35074 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://www.vupen.com/english/advisories/2009/1297 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html http://secunia.com/advisories/35306 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://secunia.com/advisories/35650 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/32746 http://security.gentoo.org/glsa/glsa-200811-05.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/44402 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597 http://www.securityfocus.com/archive/1/501376/100/0/threaded https://access.redhat.com/errata/RHSA-2009:0338 https://usn.ubuntu.com/720-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-3660

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect