cvelistv5 - cve-2002-0081

CVE-2002-0081 (GCVE-0-2002-0081)

Vulnerability from cvelistv5

Published

2002-06-25 04:00

Modified

2024-08-08 02:35

Severity ?

CWE

Summary

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

References

URL

Tags

cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
cve@mitre.org	http://marc.info/?l=bugtraq&m=101484705523351&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=101497256024338&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=101537076619812&w=2
cve@mitre.org	http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
cve@mitre.org	http://marc.info/?l=vuln-dev&m=101468694824998&w=2
cve@mitre.org	http://online.securityfocus.com/advisories/3911
cve@mitre.org	http://security.e-matters.de/advisories/012002.html	Vendor Advisory
cve@mitre.org	http://www.cert.org/advisories/CA-2002-05.html	US Government Resource
cve@mitre.org	http://www.debian.org/security/2002/dsa-115
cve@mitre.org	http://www.iss.net/security_center/static/8281.php
cve@mitre.org	http://www.kb.cert.org/vuls/id/297363	US Government Resource
cve@mitre.org	http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
cve@mitre.org	http://www.linuxsecurity.com/advisories/other_advisory-1924.html
cve@mitre.org	http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
cve@mitre.org	http://www.php.net/downloads.php	Patch
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-035.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-040.html
cve@mitre.org	http://www.securityfocus.com/bid/4183
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=101484705523351&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=101497256024338&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=101537076619812&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=vuln-dev&m=101468694824998&w=2
af854a3a-2127-422b-91ae-364da2661108	http://online.securityfocus.com/advisories/3911
af854a3a-2127-422b-91ae-364da2661108	http://security.e-matters.de/advisories/012002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2002-05.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2002/dsa-115
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/8281.php
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/297363	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
af854a3a-2127-422b-91ae-364da2661108	http://www.linuxsecurity.com/advisories/other_advisory-1924.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/downloads.php	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-035.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-040.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/4183

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:35:17.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#297363",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/297363"
          },
          {
            "name": "MDKSA-2002:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
          },
          {
            "name": "20020225 Re: Rumours about Apache 1.3.22 exploits",
            "tags": [
              "mailing-list",
              "x_refsource_VULN-DEV",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
          },
          {
            "name": "php-file-upload-overflow(8281)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8281.php"
          },
          {
            "name": "HPSBTL0203-028",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/3911"
          },
          {
            "name": "20020227 Advisory 012002: PHP remote vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
          },
          {
            "name": "DSA-115",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-115"
          },
          {
            "name": "20020228 TSLSA-2002-0033 - mod_php",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/downloads.php"
          },
          {
            "name": "CA-2002-05",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2002-05.html"
          },
          {
            "name": "CLA-2002:468",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
          },
          {
            "name": "4183",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4183"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.e-matters.de/advisories/012002.html"
          },
          {
            "name": "ESA-20020301-006",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
          },
          {
            "name": "SuSE-SA:2002:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
          },
          {
            "name": "20020227 PHP remote vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_NTBUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
          },
          {
            "name": "RHSA-2002:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
          },
          {
            "name": "RHSA-2002:040",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
          },
          {
            "name": "20020304 Apache+php Proof of Concept Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#297363",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/297363"
        },
        {
          "name": "MDKSA-2002:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
        },
        {
          "name": "20020225 Re: Rumours about Apache 1.3.22 exploits",
          "tags": [
            "mailing-list",
            "x_refsource_VULN-DEV"
          ],
          "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
        },
        {
          "name": "php-file-upload-overflow(8281)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8281.php"
        },
        {
          "name": "HPSBTL0203-028",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/3911"
        },
        {
          "name": "20020227 Advisory 012002: PHP remote vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
        },
        {
          "name": "DSA-115",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-115"
        },
        {
          "name": "20020228 TSLSA-2002-0033 - mod_php",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/downloads.php"
        },
        {
          "name": "CA-2002-05",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2002-05.html"
        },
        {
          "name": "CLA-2002:468",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
        },
        {
          "name": "4183",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4183"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.e-matters.de/advisories/012002.html"
        },
        {
          "name": "ESA-20020301-006",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
        },
        {
          "name": "SuSE-SA:2002:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
        },
        {
          "name": "20020227 PHP remote vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_NTBUGTRAQ"
          ],
          "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
        },
        {
          "name": "RHSA-2002:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
        },
        {
          "name": "RHSA-2002:040",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
        },
        {
          "name": "20020304 Apache+php Proof of Concept Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#297363",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/297363"
            },
            {
              "name": "MDKSA-2002:017",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
            },
            {
              "name": "20020225 Re: Rumours about Apache 1.3.22 exploits",
              "refsource": "VULN-DEV",
              "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
            },
            {
              "name": "php-file-upload-overflow(8281)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8281.php"
            },
            {
              "name": "HPSBTL0203-028",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/3911"
            },
            {
              "name": "20020227 Advisory 012002: PHP remote vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
            },
            {
              "name": "DSA-115",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-115"
            },
            {
              "name": "20020228 TSLSA-2002-0033 - mod_php",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
            },
            {
              "name": "http://www.php.net/downloads.php",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/downloads.php"
            },
            {
              "name": "CA-2002-05",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2002-05.html"
            },
            {
              "name": "CLA-2002:468",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
            },
            {
              "name": "4183",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4183"
            },
            {
              "name": "http://security.e-matters.de/advisories/012002.html",
              "refsource": "MISC",
              "url": "http://security.e-matters.de/advisories/012002.html"
            },
            {
              "name": "ESA-20020301-006",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
            },
            {
              "name": "SuSE-SA:2002:007",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
            },
            {
              "name": "20020227 PHP remote vulnerabilities",
              "refsource": "NTBUGTRAQ",
              "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
            },
            {
              "name": "RHSA-2002:035",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
            },
            {
              "name": "RHSA-2002:040",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
            },
            {
              "name": "20020304 Apache+php Proof of Concept Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0081",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-02-27T00:00:00",
    "dateUpdated": "2024-08-08T02:35:17.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-0081\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-03-08T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer en:(1) PHP 4.1.0, 4.1.1 y 4.0.6 y anteriores y (2) php3_mime_split en PHP 3.0.x permite que atacantes remotos ejecuten c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n de datos de formulario HTTP, v\u00eda POST, cuando \\\"file_uploads\\\" est\u00e1 activado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"245C601D-0FE7-47E3-8304-6FF45E9567D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2E5F96-66D2-4F99-A74D-6A2305EE218E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6713614A-B14E-4A85-BF89-ED780068FC68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD95F8EB-B428-4B3C-9254-A5DECE03A989\"}]}]}],\"references\":[{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://online.securityfocus.com/advisories/3911\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.e-matters.de/advisories/012002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2002-05.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.debian.org/security/2002/dsa-115\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.iss.net/security_center/static/8281.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/297363\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.linuxsecurity.com/advisories/other_advisory-1924.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.php.net/downloads.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-035.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-040.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/4183\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://online.securityfocus.com/advisories/3911\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.e-matters.de/advisories/012002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.cert.org/advisories/CA-2002-05.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.debian.org/security/2002/dsa-115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.iss.net/security_center/static/8281.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/297363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.linuxsecurity.com/advisories/other_advisory-1924.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.php.net/downloads.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/4183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

rhsa-2002_035

Vulnerability from csaf_redhat

Published

2002-02-28 17:54

Modified

2024-11-21 22:18

Summary

Red Hat Security Advisory: : Updated PHP packages are available [updated 2002-Mar-11]

Notes

Topic

Updated PHP packages are available to fix vulnerabilities in the functions that parse multipart MIME data, which are used when uploading files through forms. This revised advisory contains updated packages for Red Hat Linux 7, 7.1, and 7.2.

Details

PHP is an HTML-embeddable scripting language. A number of flaws have been found in the way PHP handles multipart/form-data POST requests. Each of these flaws could allow an attacker to execute arbitrary code on the remote system. PHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an arbitrary heap overflow (easy to exploit). These versions of PHP were shipped with Red Hat Linux 6.2. PHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and a heap-off-by-one (easy to exploit). These versions of PHP were shipped with Red Hat Linux 7.0. PHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one hard to exploit). These versions of PHP were shipped with Red Hat Linux 7.1 and as erratas to 7.0. PHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to exploit). These versions of PHP were shipped with Red Hat Linux 7.2 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0081 to this issue. If you are running PHP 4.0.3 or above, one way to work around these bugs is to disable the fileupload support within your php.ini file (by setting file_uploads = Off). All users of PHP are advised to immediately upgrade to these errata packages which close these vulnerabilities. A previous version of this erratum included a version of the MySQL extension which was compiled with an incorrect default pathname for the socket used to connect to database servers residing on the local host. This setting corresponds to the mysql.default_socket setting in the /etc/php.ini file, and can also be corrected there.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated PHP packages are available to fix vulnerabilities in the functions\nthat parse multipart MIME data, which are used when uploading files\nthrough forms.\n\nThis revised advisory contains updated packages for Red Hat Linux 7, 7.1,\nand 7.2.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embeddable scripting language.  A number of flaws have been\nfound in the way PHP handles multipart/form-data POST requests.  Each of\nthese flaws could allow an attacker to execute arbitrary code on the remote\nsystem.\n\nPHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an\narbitrary heap overflow (easy to exploit).  These versions of PHP were\nshipped with Red Hat Linux 6.2.\n   \nPHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and a\nheap-off-by-one (easy to exploit).  These versions of PHP were shipped with \nRed Hat Linux 7.0.\n\nPHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one\nhard to exploit).  These versions of PHP were shipped with Red Hat Linux\n7.1 and as erratas to 7.0.\n\nPHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to exploit).\nThese versions of PHP were shipped with Red Hat Linux 7.2\n      \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0081 to this issue.\n\nIf you are running PHP 4.0.3 or above, one way to work around these bugs is\nto disable the fileupload support within your php.ini file (by setting\nfile_uploads = Off).\n\nAll users of PHP are advised to immediately upgrade to these errata\npackages which close these vulnerabilities.\n\nA previous version of this erratum included a version of the MySQL\nextension which was compiled with an incorrect default pathname for the\nsocket used to connect to database servers residing on the local host.\n\nThis setting corresponds to the mysql.default_socket setting in the\n/etc/php.ini file, and can also be corrected there.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:035",
        "url": "https://access.redhat.com/errata/RHSA-2002:035"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012002.html",
        "url": "http://security.e-matters.de/advisories/012002.html"
      },
      {
        "category": "external",
        "summary": "http://www.kb.cert.org/vuls/id/297363",
        "url": "http://www.kb.cert.org/vuls/id/297363"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_035.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated PHP packages are available [updated 2002-Mar-11]",
    "tracking": {
      "current_release_date": "2024-11-21T22:18:00+00:00",
      "generator": {
        "date": "2024-11-21T22:18:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2002:035",
      "initial_release_date": "2002-02-28T17:54:00+00:00",
      "revision_history": [
        {
          "date": "2002-02-28T17:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-02-27T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:18:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-1247",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616655"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-1247"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616655",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616655"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-1247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-1247"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1247",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1247"
        }
      ],
      "release_date": "2001-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-02-28T17:54:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nAfter applying these updates you will need to restart your web server if it\nwas running before the update was applied.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:035"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0081"
        }
      ],
      "release_date": "2002-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-02-28T17:54:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nAfter applying these updates you will need to restart your web server if it\nwas running before the update was applied.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:035"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2002:035

Vulnerability from csaf_redhat

Published

2002-02-28 17:54

Modified

2025-11-21 17:24

Summary

Red Hat Security Advisory: : Updated PHP packages are available [updated 2002-Mar-11]

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated PHP packages are available to fix vulnerabilities in the functions\nthat parse multipart MIME data, which are used when uploading files\nthrough forms.\n\nThis revised advisory contains updated packages for Red Hat Linux 7, 7.1,\nand 7.2.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embeddable scripting language.  A number of flaws have been\nfound in the way PHP handles multipart/form-data POST requests.  Each of\nthese flaws could allow an attacker to execute arbitrary code on the remote\nsystem.\n\nPHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an\narbitrary heap overflow (easy to exploit).  These versions of PHP were\nshipped with Red Hat Linux 6.2.\n   \nPHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and a\nheap-off-by-one (easy to exploit).  These versions of PHP were shipped with \nRed Hat Linux 7.0.\n\nPHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one\nhard to exploit).  These versions of PHP were shipped with Red Hat Linux\n7.1 and as erratas to 7.0.\n\nPHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to exploit).\nThese versions of PHP were shipped with Red Hat Linux 7.2\n      \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0081 to this issue.\n\nIf you are running PHP 4.0.3 or above, one way to work around these bugs is\nto disable the fileupload support within your php.ini file (by setting\nfile_uploads = Off).\n\nAll users of PHP are advised to immediately upgrade to these errata\npackages which close these vulnerabilities.\n\nA previous version of this erratum included a version of the MySQL\nextension which was compiled with an incorrect default pathname for the\nsocket used to connect to database servers residing on the local host.\n\nThis setting corresponds to the mysql.default_socket setting in the\n/etc/php.ini file, and can also be corrected there.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:035",
        "url": "https://access.redhat.com/errata/RHSA-2002:035"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012002.html",
        "url": "http://security.e-matters.de/advisories/012002.html"
      },
      {
        "category": "external",
        "summary": "http://www.kb.cert.org/vuls/id/297363",
        "url": "http://www.kb.cert.org/vuls/id/297363"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_035.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated PHP packages are available [updated 2002-Mar-11]",
    "tracking": {
      "current_release_date": "2025-11-21T17:24:45+00:00",
      "generator": {
        "date": "2025-11-21T17:24:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2002:035",
      "initial_release_date": "2002-02-28T17:54:00+00:00",
      "revision_history": [
        {
          "date": "2002-02-28T17:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-02-27T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:24:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-1247",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616655"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-1247"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616655",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616655"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-1247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-1247"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1247",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1247"
        }
      ],
      "release_date": "2001-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-02-28T17:54:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nAfter applying these updates you will need to restart your web server if it\nwas running before the update was applied.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:035"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0081"
        }
      ],
      "release_date": "2002-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-02-28T17:54:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nAfter applying these updates you will need to restart your web server if it\nwas running before the update was applied.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:035"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2002:035

Vulnerability from csaf_redhat

Published

2002-02-28 17:54

Modified

2025-11-21 17:24

Summary

Red Hat Security Advisory: : Updated PHP packages are available [updated 2002-Mar-11]

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated PHP packages are available to fix vulnerabilities in the functions\nthat parse multipart MIME data, which are used when uploading files\nthrough forms.\n\nThis revised advisory contains updated packages for Red Hat Linux 7, 7.1,\nand 7.2.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embeddable scripting language.  A number of flaws have been\nfound in the way PHP handles multipart/form-data POST requests.  Each of\nthese flaws could allow an attacker to execute arbitrary code on the remote\nsystem.\n\nPHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an\narbitrary heap overflow (easy to exploit).  These versions of PHP were\nshipped with Red Hat Linux 6.2.\n   \nPHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and a\nheap-off-by-one (easy to exploit).  These versions of PHP were shipped with \nRed Hat Linux 7.0.\n\nPHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one\nhard to exploit).  These versions of PHP were shipped with Red Hat Linux\n7.1 and as erratas to 7.0.\n\nPHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to exploit).\nThese versions of PHP were shipped with Red Hat Linux 7.2\n      \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2002-0081 to this issue.\n\nIf you are running PHP 4.0.3 or above, one way to work around these bugs is\nto disable the fileupload support within your php.ini file (by setting\nfile_uploads = Off).\n\nAll users of PHP are advised to immediately upgrade to these errata\npackages which close these vulnerabilities.\n\nA previous version of this erratum included a version of the MySQL\nextension which was compiled with an incorrect default pathname for the\nsocket used to connect to database servers residing on the local host.\n\nThis setting corresponds to the mysql.default_socket setting in the\n/etc/php.ini file, and can also be corrected there.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2002:035",
        "url": "https://access.redhat.com/errata/RHSA-2002:035"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012002.html",
        "url": "http://security.e-matters.de/advisories/012002.html"
      },
      {
        "category": "external",
        "summary": "http://www.kb.cert.org/vuls/id/297363",
        "url": "http://www.kb.cert.org/vuls/id/297363"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_035.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated PHP packages are available [updated 2002-Mar-11]",
    "tracking": {
      "current_release_date": "2025-11-21T17:24:45+00:00",
      "generator": {
        "date": "2025-11-21T17:24:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2002:035",
      "initial_release_date": "2002-02-28T17:54:00+00:00",
      "revision_history": [
        {
          "date": "2002-02-28T17:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2002-02-27T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:24:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 6.2",
                "product": {
                  "name": "Red Hat Linux 6.2",
                  "product_id": "Red Hat Linux 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:6.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.0",
                "product": {
                  "name": "Red Hat Linux 7.0",
                  "product_id": "Red Hat Linux 7.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2001-1247",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616655"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2001-1247"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616655",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616655"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2001-1247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2001-1247"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1247",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1247"
        }
      ],
      "release_date": "2001-06-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-02-28T17:54:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nAfter applying these updates you will need to restart your web server if it\nwas running before the update was applied.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:035"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2002-0081",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 6.2",
          "Red Hat Linux 7.0",
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-0081"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-0081",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-0081"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0081",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0081"
        }
      ],
      "release_date": "2002-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2002-02-28T17:54:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nAfter applying these updates you will need to restart your web server if it\nwas running before the update was applied.",
          "product_ids": [
            "Red Hat Linux 6.2",
            "Red Hat Linux 7.0",
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2002:035"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

gsd-2002-0081

Vulnerability from gsd

Modified

2023-12-13 01:24

Details

Aliases

CVE-2002-0081

Aliases

CVE-2002-0081

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-0081",
    "description": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.",
    "id": "GSD-2002-0081",
    "references": [
      "https://www.debian.org/security/2002/dsa-115",
      "https://access.redhat.com/errata/RHSA-2002:040",
      "https://access.redhat.com/errata/RHSA-2002:035"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-0081"
      ],
      "details": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.",
      "id": "GSD-2002-0081",
      "modified": "2023-12-13T01:24:05.600848Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-0081",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#297363",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/297363"
          },
          {
            "name": "MDKSA-2002:017",
            "refsource": "MANDRAKE",
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
          },
          {
            "name": "20020225 Re: Rumours about Apache 1.3.22 exploits",
            "refsource": "VULN-DEV",
            "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
          },
          {
            "name": "php-file-upload-overflow(8281)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/8281.php"
          },
          {
            "name": "HPSBTL0203-028",
            "refsource": "HP",
            "url": "http://online.securityfocus.com/advisories/3911"
          },
          {
            "name": "20020227 Advisory 012002: PHP remote vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
          },
          {
            "name": "DSA-115",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2002/dsa-115"
          },
          {
            "name": "20020228 TSLSA-2002-0033 - mod_php",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
          },
          {
            "name": "http://www.php.net/downloads.php",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/downloads.php"
          },
          {
            "name": "CA-2002-05",
            "refsource": "CERT",
            "url": "http://www.cert.org/advisories/CA-2002-05.html"
          },
          {
            "name": "CLA-2002:468",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
          },
          {
            "name": "4183",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/4183"
          },
          {
            "name": "http://security.e-matters.de/advisories/012002.html",
            "refsource": "MISC",
            "url": "http://security.e-matters.de/advisories/012002.html"
          },
          {
            "name": "ESA-20020301-006",
            "refsource": "ENGARDE",
            "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
          },
          {
            "name": "SuSE-SA:2002:007",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
          },
          {
            "name": "20020227 PHP remote vulnerabilities",
            "refsource": "NTBUGTRAQ",
            "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
          },
          {
            "name": "RHSA-2002:035",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
          },
          {
            "name": "RHSA-2002:040",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
          },
          {
            "name": "20020304 Apache+php Proof of Concept Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0081"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.php.net/downloads.php",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.php.net/downloads.php"
            },
            {
              "name": "http://security.e-matters.de/advisories/012002.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://security.e-matters.de/advisories/012002.html"
            },
            {
              "name": "RHSA-2002:035",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
            },
            {
              "name": "RHSA-2002:040",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
            },
            {
              "name": "DSA-115",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2002/dsa-115"
            },
            {
              "name": "CA-2002-05",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.cert.org/advisories/CA-2002-05.html"
            },
            {
              "name": "VU#297363",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/297363"
            },
            {
              "name": "ESA-20020301-006",
              "refsource": "ENGARDE",
              "tags": [],
              "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
            },
            {
              "name": "HPSBTL0203-028",
              "refsource": "HP",
              "tags": [],
              "url": "http://online.securityfocus.com/advisories/3911"
            },
            {
              "name": "CLA-2002:468",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
            },
            {
              "name": "php-file-upload-overflow(8281)",
              "refsource": "XF",
              "tags": [],
              "url": "http://www.iss.net/security_center/static/8281.php"
            },
            {
              "name": "4183",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/4183"
            },
            {
              "name": "SuSE-SA:2002:007",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
            },
            {
              "name": "MDKSA-2002:017",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
            },
            {
              "name": "20020304 Apache+php Proof of Concept Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
            },
            {
              "name": "20020225 Re: Rumours about Apache 1.3.22 exploits",
              "refsource": "VULN-DEV",
              "tags": [],
              "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
            },
            {
              "name": "20020227 PHP remote vulnerabilities",
              "refsource": "NTBUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
            },
            {
              "name": "20020227 Advisory 012002: PHP remote vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
            },
            {
              "name": "20020228 TSLSA-2002-0033 - mod_php",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-10-18T02:15Z",
      "publishedDate": "2002-03-08T05:00Z"
    }
  }
}

fkie_cve-2002-0081

Vulnerability from fkie_nvd

Published

2002-03-08 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
cve@mitre.org	http://marc.info/?l=bugtraq&m=101484705523351&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=101497256024338&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=101537076619812&w=2
cve@mitre.org	http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
cve@mitre.org	http://marc.info/?l=vuln-dev&m=101468694824998&w=2
cve@mitre.org	http://online.securityfocus.com/advisories/3911
cve@mitre.org	http://security.e-matters.de/advisories/012002.html	Vendor Advisory
cve@mitre.org	http://www.cert.org/advisories/CA-2002-05.html	US Government Resource
cve@mitre.org	http://www.debian.org/security/2002/dsa-115
cve@mitre.org	http://www.iss.net/security_center/static/8281.php
cve@mitre.org	http://www.kb.cert.org/vuls/id/297363	US Government Resource
cve@mitre.org	http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
cve@mitre.org	http://www.linuxsecurity.com/advisories/other_advisory-1924.html
cve@mitre.org	http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
cve@mitre.org	http://www.php.net/downloads.php	Patch
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-035.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2002-040.html
cve@mitre.org	http://www.securityfocus.com/bid/4183
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=101484705523351&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=101497256024338&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=101537076619812&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=vuln-dev&m=101468694824998&w=2
af854a3a-2127-422b-91ae-364da2661108	http://online.securityfocus.com/advisories/3911
af854a3a-2127-422b-91ae-364da2661108	http://security.e-matters.de/advisories/012002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.cert.org/advisories/CA-2002-05.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2002/dsa-115
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/8281.php
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/297363	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
af854a3a-2127-422b-91ae-364da2661108	http://www.linuxsecurity.com/advisories/other_advisory-1924.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/downloads.php	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-035.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2002-040.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/4183

Impacted products

Vendor	Product	Version
php	php	3.0
php	php	4.0.6
php	php	4.1.0
php	php	4.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "245C601D-0FE7-47E3-8304-6FF45E9567D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en:(1) PHP 4.1.0, 4.1.1 y 4.0.6 y anteriores y (2) php3_mime_split en PHP 3.0.x permite que atacantes remotos ejecuten c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n de datos de formulario HTTP, v\u00eda POST, cuando \"file_uploads\" est\u00e1 activado."
    }
  ],
  "id": "CVE-2002-0081",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-03-08T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/advisories/3911"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.e-matters.de/advisories/012002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-05.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2002/dsa-115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/8281.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/297363"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.php.net/downloads.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/4183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/advisories/3911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.e-matters.de/advisories/012002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2002-05.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2002/dsa-115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/8281.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/297363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.php.net/downloads.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/4183"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-cp2r-h7c2-j66v

Vulnerability from github

Published

2022-04-30 18:18

Modified

2022-04-30 18:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-0081"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-03-08T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.",
  "id": "GHSA-cp2r-h7c2-j66v",
  "modified": "2022-04-30T18:18:30Z",
  "published": "2022-04-30T18:18:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0081"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000468"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=101484705523351\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=101497256024338\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=101537076619812\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=101484975231922\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=vuln-dev\u0026m=101468694824998\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/advisories/3911"
    },
    {
      "type": "WEB",
      "url": "http://security.e-matters.de/advisories/012002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.cert.org/advisories/CA-2002-05.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2002/dsa-115"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/8281.php"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/297363"
    },
    {
      "type": "WEB",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php"
    },
    {
      "type": "WEB",
      "url": "http://www.linuxsecurity.com/advisories/other_advisory-1924.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/downloads.php"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-035.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-040.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/4183"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2002-0081 (GCVE-0-2002-0081)

Vulnerability from cvelistv5

rhsa-2002_035

Vulnerability from csaf_redhat

rhsa-2002:035

Vulnerability from csaf_redhat

RHSA-2002:035

Vulnerability from csaf_redhat

gsd-2002-0081

Vulnerability from gsd

fkie_cve-2002-0081

Vulnerability from fkie_nvd

ghsa-cp2r-h7c2-j66v

Vulnerability from github

Tags

Sightings

Nomenclature