CVE-2000-0967 - PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to e

CVE-2000-0967

Summary

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

References

Vulnerable Configurations

cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

redhat via4

advisories

rhsa
id RHSA-2000:088
rhsa
id RHSA-2000:095

refmap via4

atstake	A101200-1
bid	1786
bugtraq	20001012 Conectiva Linux Security Announcement - mod_php3
caldera	CSSA-2000-037.0
debian	20001014a 20001014b
freebsd	FreeBSD-SA-00:75
mandrake	MDKSA-2000:062
xf	php-logging-format-string(5359)

Last major update

03-05-2018 - 01:29

Published

19-12-2000 - 05:00

Last modified

03-05-2018 - 01:29