CVE-2008-2050 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Affected Products (NVD)

Vendor	Product	Version
php	php	𝑥 ≤ 5.2.5
php	php	5.0.0:beta1
php	php	5.0.0:beta2
php	php	5.0.0:beta3
php	php	5.0.0:beta4
php	php	5.0.0:rc1
php	php	5.0.0:rc2
php	php	5.0.0:rc3
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php5

dapper	not-affected
feisty	Fixed 5.2.1-0ubuntu1.6 released
gutsy	Fixed 5.2.3-1ubuntu6.4 released
hardy	Fixed 5.2.4-2ubuntu5.3 released

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://secunia.com/advisories/30048

http://secunia.com/advisories/30083

http://secunia.com/advisories/30158

http://secunia.com/advisories/30345

http://secunia.com/advisories/30967

http://secunia.com/advisories/31200

http://secunia.com/advisories/31326

http://secunia.com/advisories/32746

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

http://www.debian.org/security/2008/dsa-1572

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.openwall.com/lists/oss-security/2008/05/02/2

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/archive/1/492535/100/0/threaded

http://www.securityfocus.com/bid/29009

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951

http://www.ubuntu.com/usn/usn-628-1

http://www.vupen.com/english/advisories/2008/1412

http://www.vupen.com/english/advisories/2008/2268

https://exchange.xforce.ibmcloud.com/vulnerabilities/42133

https://issues.rpath.com/browse/RPL-2503

http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

http://secunia.com/advisories/30048

http://secunia.com/advisories/30083

http://secunia.com/advisories/30158

http://secunia.com/advisories/30345

http://secunia.com/advisories/30967

http://secunia.com/advisories/31200

http://secunia.com/advisories/31326

http://secunia.com/advisories/32746

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

http://www.debian.org/security/2008/dsa-1572

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.openwall.com/lists/oss-security/2008/05/02/2

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/archive/1/492535/100/0/threaded

http://www.securityfocus.com/bid/29009

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951

http://www.ubuntu.com/usn/usn-628-1

http://www.vupen.com/english/advisories/2008/1412

http://www.vupen.com/english/advisories/2008/2268

https://exchange.xforce.ibmcloud.com/vulnerabilities/42133

https://issues.rpath.com/browse/RPL-2503