Your submission was sent successfully! Close

CVE-2008-0599

Published: 5 May 2008

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
dapper Not vulnerable

feisty Not vulnerable

gutsy
Released (5.2.3-1ubuntu6.4)
hardy
Released (5.2.4-2ubuntu5.3)
upstream
Released (5.2.6)