CVE-2005-3390

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

http://rhn.redhat.com/errata/RHSA-2006-0549.html

http://secunia.com/advisories/17371

http://secunia.com/advisories/17490

http://secunia.com/advisories/17510

http://secunia.com/advisories/17531

http://secunia.com/advisories/17557

http://secunia.com/advisories/17559

http://secunia.com/advisories/18054

http://secunia.com/advisories/18198

http://secunia.com/advisories/18669

http://secunia.com/advisories/21252

http://secunia.com/advisories/22691

http://securityreason.com/securityalert/132

http://securitytracker.com/id?1015129

http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm

http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html

http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml

http://www.hardened-php.net/advisory_202005.79.html

http://www.hardened-php.net/globals-problem

http://www.mandriva.com/security/advisories?name=MDKSA-2005:213

http://www.novell.com/linux/security/advisories/2005_27_sr.html

http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html

http://www.php.net/release_4_4_1.php

http://www.redhat.com/support/errata/RHSA-2005-831.html

http://www.redhat.com/support/errata/RHSA-2005-838.html

http://www.securityfocus.com/archive/1/415290/30/0/threaded

http://www.securityfocus.com/archive/1/419504/100/0/threaded

http://www.securityfocus.com/bid/15250

http://www.vupen.com/english/advisories/2005/2254

http://www.vupen.com/english/advisories/2006/4320

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537

https://www.ubuntu.com/usn/usn-232-1/

Details

Source: MITRE

Published: 2005-11-01

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*

cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
22299e107 ibrowser.php zend_has_del() Function Remote Code ExecutionNessusCGI abuses
high
22298Joomla! < 1.0.11 Unspecified Remote Code ExecutionNessusCGI abuses
medium
21871CentOS 3 / 4 : php (CESA-2005:831)NessusCentOS Local Security Checks
high
20776Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)NessusUbuntu Local Security Checks
high
20445Mandrake Linux Security Advisory : php (MDKSA-2005:213)NessusMandriva Local Security Checks
high
3308Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Nessus Network MonitorOperating System Detection
high
20207RHEL 2.1 : php (RHSA-2005:838)NessusRed Hat Local Security Checks
critical
20206RHEL 3 / 4 : php (RHSA-2005:831)NessusRed Hat Local Security Checks
high
20195GLSA-200511-08 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
20111PHP < 4.4.1 / 5.0.6 Multiple VulnerabilitiesNessusCGI abuses
high
3273PHP 4.x < 4.4.0 / 5.x < 5.0.6 GLOBAL Variable OverwriteNessus Network MonitorWeb Servers
medium
801113PHP < 5.0.6 GLOBAL Variable OverwriteLog Correlation EngineWeb Servers
high
800798Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Log Correlation EngineOperating System Detection
high