ID CVE-2002-0081
Summary Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allow remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
References
Vulnerable Configurations
  • PHP 3.0
    cpe:2.3:a:php:php:3.0
  • PHP 4.0.6
    cpe:2.3:a:php:php:4.0.6
  • PHP 4.1.0
    cpe:2.3:a:php:php:4.1.0
  • PHP 4.1.1
    cpe:2.3:a:php:php:4.1.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id PHP_SPLIT_MIME.NASL
    description The remote host is running a version of PHP earlier than 4.1.2. There are several flaws in how PHP handles multipart/form-data POST requests, any one of which could allow an attacker to gain remote access to the system.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 10867
    published 2002-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10867
    title PHP mime_split Function POST Request Overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2002-017.NASL
    description Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads. The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this in PHP 4.1.2 and provided patches for older versions of PHP.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13925
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13925
    title Mandrake Linux Security Advisory : php (MDKSA-2002:017)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-115.NASL
    description Stefan Esser, who is also a member of the PHP team, found several flaws in the way PHP handles multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. For PHP3 flaws contain a broken boundary check and an arbitrary heap overflow. For PHP4 they consist of a broken boundary check and a heap off by one error. For the stable release of Debian these problems are fixed in version 3.0.18-0potato1.1 of PHP3 and version 4.0.3pl1-0potato3 of PHP4. For the unstable and testing release of Debian these problems are fixed in version 3.0.18-22 of PHP3 and version 4.1.2-1 of PHP4. There is no PHP4 in the stable and unstable distribution for the arm architecture due to a compiler error.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 14952
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14952
    title Debian DSA-115-1 : php - broken boundary check and more
redhat via4
advisories
  • rhsa
    id RHSA-2002:035
  • rhsa
    id RHSA-2002:040
refmap via4
bid 4183
bugtraq
  • 20020227 Advisory 012002: PHP remote vulnerabilities
  • 20020228 TSLSA-2002-0033 - mod_php
  • 20020304 Apache+php Proof of Concept Exploit
cert CA-2002-05
cert-vn VU#297363
conectiva CLA-2002:468
confirm http://www.php.net/downloads.php
debian DSA-115
engarde ESA-20020301-006
hp HPSBTL0203-028
mandrake MDKSA-2002:017
misc http://security.e-matters.de/advisories/012002.html
ntbugtraq 20020227 PHP remote vulnerabilities
suse SuSE-SA:2002:007
vuln-dev 20020225 Re: Rumours about Apache 1.3.22 exploits
xf php-file-upload-overflow(8281)
Last major update 17-10-2016 - 22:15
Published 08-03-2002 - 00:00