CVE-2017-5677
First published: Mon Feb 06 2017(Updated: )
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PEAR HTML_AJAX | =0.3.0 | |
| PEAR HTML_AJAX | =0.3.1 | |
| PEAR HTML_AJAX | =0.3.2 | |
| PEAR HTML_AJAX | =0.3.3 | |
| PEAR HTML_AJAX | =0.3.4 | |
| PEAR HTML_AJAX | =0.4.0 | |
| PEAR HTML_AJAX | =0.4.1 | |
| PEAR HTML_AJAX | =0.5.0 | |
| PEAR HTML_AJAX | =0.5.1 | |
| PEAR HTML_AJAX | =0.5.2 | |
| PEAR HTML_AJAX | =0.5.3 | |
| PEAR HTML_AJAX | =0.5.4 | |
| PEAR HTML_AJAX | =0.5.5 | |
| PEAR HTML_AJAX | =0.5.6 | |
| PEAR HTML_AJAX | =0.5.7 | |
| =0.3.0 | ||
| =0.3.1 | ||
| =0.3.2 | ||
| =0.3.3 | ||
| =0.3.4 | ||
| =0.4.0 | ||
| =0.4.1 | ||
| =0.5.0 | ||
| =0.5.1 | ||
| =0.5.2 | ||
| =0.5.3 | ||
| =0.5.4 | ||
| =0.5.5 | ||
| =0.5.6 | ||
| =0.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blog.pear.php.net/2017/02/02/security-html_ajax-058/
- http://karmainsecurity.com/KIS-2017-01
- http://seclists.org/fulldisclosure/2017/Feb/12
- http://www.securityfocus.com/bid/96044
- https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646
- https://pear.php.net/bugs/bug.php?id=21165
Frequently Asked Questions
What is the severity of CVE-2017-5677?
CVE-2017-5677 is categorized as having a high severity due to its potential for remote code execution.
How do I fix CVE-2017-5677?
To fix CVE-2017-5677, upgrade PEAR HTML_AJAX to version 0.6.0 or later.
What versions are affected by CVE-2017-5677?
CVE-2017-5677 affects PEAR HTML_AJAX versions 0.3.0 through 0.5.7.
What type of vulnerability is CVE-2017-5677?
CVE-2017-5677 is a PHP Object Injection vulnerability that allows for remote code execution.
What is the root cause of CVE-2017-5677?
The root cause of CVE-2017-5677 is an incorrect regular expression in the PHP Serializer.
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- agent/severity
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/pear
- canonical/pear html_ajax
- version/pear html_ajax/0.3.0
- version/pear html_ajax/0.3.1
- version/pear html_ajax/0.3.2
- version/pear html_ajax/0.3.3
- version/pear html_ajax/0.3.4
- version/pear html_ajax/0.4.0
- version/pear html_ajax/0.4.1
- version/pear html_ajax/0.5.0
- version/pear html_ajax/0.5.1
- version/pear html_ajax/0.5.2
- version/pear html_ajax/0.5.3
- version/pear html_ajax/0.5.4
- version/pear html_ajax/0.5.5
- version/pear html_ajax/0.5.6
- version/pear html_ajax/0.5.7