Definition


New Search

HP-UX Running Apache with PHP Remote Execution of Arbitrary Code

oval:org.mitre.oval:def:5510

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED which might allow remote attackers to execute arbitrary code via a crafted URI.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • HP-UX 11
Class:
vulnerability
Reference(s):
  • CVE-2008-0599
Product(s):