Home  >  CVE-2002-0081
CVE Details for CVE: CVE-2002-0081
Summary
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Timestamps
Last major update 18-10-2016 - 02:15
Published 08-03-2002 - 05:00
Last modified 18-10-2016 - 02:15
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
7.5
Impact
6.4
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2002:035
  • rhsa
    id RHSA-2002:040
refmap via4
bid 4183
bugtraq
  • 20020227 Advisory 012002: PHP remote vulnerabilities
  • 20020228 TSLSA-2002-0033 - mod_php
  • 20020304 Apache+php Proof of Concept Exploit
cert CA-2002-05
cert-vn VU#297363
conectiva CLA-2002:468
confirm http://www.php.net/downloads.php
debian DSA-115
engarde ESA-20020301-006
hp HPSBTL0203-028
mandrake MDKSA-2002:017
misc http://security.e-matters.de/advisories/012002.html
ntbugtraq 20020227 PHP remote vulnerabilities
suse SuSE-SA:2002:007
vuln-dev 20020225 Re: Rumours about Apache 1.3.22 exploits
xf php-file-upload-overflow(8281)