ID CVE-2002-0081
Summary Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allow remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2002:035
  • rhsa
    id RHSA-2002:040
refmap via4
bid 4183
bugtraq
  • 20020227 Advisory 012002: PHP remote vulnerabilities
  • 20020228 TSLSA-2002-0033 - mod_php
  • 20020304 Apache+php Proof of Concept Exploit
cert CA-2002-05
cert-vn VU#297363
conectiva CLA-2002:468
confirm http://www.php.net/downloads.php
debian DSA-115
engarde ESA-20020301-006
hp HPSBTL0203-028
mandrake MDKSA-2002:017
misc http://security.e-matters.de/advisories/012002.html
ntbugtraq 20020227 PHP remote vulnerabilities
suse SuSE-SA:2002:007
vuln-dev 20020225 Re: Rumours about Apache 1.3.22 exploits
xf php-file-upload-overflow(8281)
Last major update 18-10-2016 - 02:15
Published 08-03-2002 - 05:00
Last modified 18-10-2016 - 02:15