CVE-2005-3389
Published: 1 November 2005
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php4 Launchpad, Ubuntu, Debian |
dapper |
Released
(4.4.2-1build1)
|
| edgy |
Released
(4.4.2-1build1)
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.2-1ubuntu3.9)
|
| edgy |
Released
(5.1.6-1ubuntu2.6)
|
|
| feisty |
Released
(5.2.1-0ubuntu1.4)
|
|
| upstream |
Needs triage
|