[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0594Date: (C)2004-07-27   (M)2024-02-23


The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-10725
2004-0039
http://marc.info/?l=bugtraq&m=108981780109154&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023908.html
http://marc.info/?l=bugtraq&m=108982983426031&w=2
http://marc.info/?l=bugtraq&m=109051444105182&w=2
CLA-2004:847
DSA-531
DSA-669
GLSA-200407-13
MDKSA-2004:068
RHSA-2004:392
RHSA-2004:395
RHSA-2004:405
RHSA-2005:816
SSRT4777
SUSE-SA:2004:021
oval:org.mitre.oval:def:10896
php-memorylimit-code-execution(16693)

CWE    1
CWE-367

© SecPod Technologies