CVE-2011-3379
03.11.2011, 15:55
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 5.3.7 |
| php | php | 5.3.8 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| php |
| ||
| php-bcmath |
| ||
| php-cli |
| ||
| php-common |
| ||
| php-dba |
| ||
| php-debuginfo |
| ||
| php-devel |
| ||
| php-embedded |
| ||
| php-fpm |
| ||
| php-gd |
| ||
| php-imap |
| ||
| php-intl |
| ||
| php-ldap |
| ||
| php-mbstring |
| ||
| php-mcrypt |
| ||
| php-mssql |
| ||
| php-mysql |
| ||
| php-odbc |
| ||
| php-pdo |
| ||
| php-pgsql |
| ||
| php-process |
| ||
| php-pspell |
| ||
| php-snmp |
| ||
| php-soap |
| ||
| php-tidy |
| ||
| php-xml |
| ||
| php-xmlrpc |
| ||
| php-zts |
|
References