Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1370

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-1370
Last Modified 05 Sep 2008 04:26:22
Published 21 Jul 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1370

Summary

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

Vulnerable Systems

Application

  • Phplib Team Phplib 7.2

  • Phplib Team Phplib 7.2.1

  • Phplib Team Phplib 7.2b

  • Phplib Team Phplib 7.2c


References

BID - 3079

DEBIAN - DSA-073

BUGTRAQ - 20010726 TSLSA-2001-0014 - PHPLib

BUGTRAQ - 20010722 [SEC] Hole in PHPLib 7.2 prepend.php3

XF - phplib-script-execution(6892)

BUGTRAQ - 20010721 IMP 2.2.6 (SECURITY) released

CONECTIVA - CLA-2001:410

CALDERA - CSSA-2001-027.0


Last Updated: 27 May 2016 10:36:38