Computer Security
[EN] securityvulns.ru



CVE: CVE-2005-3389
Status: Candidate
Description: The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
Severity: Medium
CVSS score: 5
CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Phase: Assigned (20.06.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3389
References:
 BID : 15249
 BUGTRAQ : 20051031 Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()
 CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
 CONFIRM : http://www.php.net/release_4_4_1.php
 FEDORA : FLSA:166943
 FRSIRT : ADV-2005-2254
 FRSIRT : ADV-2006-4320
 GENTOO : GLSA-200511-08
 HP : HPSBMA02159
 HP : SSRT061238
 MANDRIVA : MDKSA-2005:213
 MISC : http://www.hardened-php.net/advisory_192005.78.html
 OPENPKG : OpenPKG-SA-2005.027
 REDHAT : RHSA-2005:831
 REDHAT : RHSA-2005:838
 REDHAT : RHSA-2006:0549
 SECTRACK : 1015131
 SECUNIA : 17371
 SECUNIA : 17490
 SECUNIA : 17510
 SECUNIA : 17531
 SECUNIA : 17557
 SECUNIA : 17559
 SECUNIA : 18054
 SECUNIA : 18198
 SECUNIA : 18669
 SECUNIA : 21252
 SECUNIA : 22691
 SUSE : SUSE-SA:2005:069
 SUSE : SUSE-SR:2005:026
 SUSE : SUSE-SR:2005:027
 TURBO : TLSA-2006-38
 UBUNTU : USN-232-1

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


