CVE-2008-0599
high-risk
Published 2008-05-05
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Do I need to act?
!
38.9% chance of exploitation in next 30 days
EPSS score — higher than 61% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (9)
Affected Vendors
References (72)
Mailing List
http://marc.info/?l=bugtraq&m=124654546101607&w=2
Mailing List
http://marc.info/?l=bugtraq&m=125631037611762&w=2
Broken Link
http://secunia.com/advisories/30048
Broken Link
http://secunia.com/advisories/30083
Broken Link
http://secunia.com/advisories/30345
Broken Link
http://secunia.com/advisories/30616
Broken Link
http://secunia.com/advisories/30757
Broken Link
http://secunia.com/advisories/30828
Broken Link
http://secunia.com/advisories/31200
Broken Link
http://secunia.com/advisories/31326
Broken Link
http://secunia.com/advisories/32746
Broken Link
http://secunia.com/advisories/35650
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200811-05.xml
Third Party Advisory
http://www.kb.cert.org/vuls/id/147027
and 52 more references
64
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
17/34 · Moderate
Exposure
15/34 · Moderate