First published: Mon May 05 2008(Updated: )
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
PHP PHP | =5.1.5 | |
PHP PHP | =5.1.2 | |
PHP PHP | =5.1.1 | |
PHP PHP | =5.0.0-beta1 | |
PHP PHP | =5.1.6 | |
PHP PHP | =5.2.2 | |
PHP PHP | =5.0.5 | |
PHP PHP | =5.0.1 | |
PHP PHP | =5.1.4 | |
PHP PHP | =5.0.4 | |
PHP PHP | =5.0.0-rc2 | |
PHP PHP | =5.2.3 | |
PHP PHP | =5.0.3 | |
PHP PHP | =5.1.0 | |
PHP PHP | =5.0.0-rc3 | |
PHP PHP | <=5.2.5 | |
PHP PHP | =5.2.0 | |
PHP PHP | =5.2.4 | |
PHP PHP | =5.0.0-beta3 | |
PHP PHP | =5.1.3 | |
PHP PHP | =5.0.0-rc1 | |
PHP PHP | =5.0.2 | |
PHP PHP | =5.2.1 | |
PHP PHP | =5.0.0-beta4 | |
PHP PHP | =5.0.0-beta2 | |
PHP PHP | <5.2.6 | |
Fedoraproject Fedora | =8 | |
Fedoraproject Fedora | =9 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =7.04 | |
Canonical Ubuntu Linux | =7.10 | |
Canonical Ubuntu Linux | =8.04 | |
Apple Mac OS X | <10.5.4 | |
Apple Mac OS X Server | <10.5.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.