Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2005-2498
Last Modified 21 Aug 2010 12:31:33
Published 15 Aug 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2498

Summary

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Vulnerable Systems

Application

  • Edd Dumbill Phpxmlrpc 1.1.1


References

MISC - http://www.hardened-php.net/advisory_152005.67.html

BUGTRAQ - 20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue

BID - 14560

BUGTRAQ - 20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability

REDHAT - RHSA-2005:748

SUSE - SUSE-SA:2005:049

GENTOO - GLSA-200509-19

FEDORA - FLSA:166943

DEBIAN - DSA-842

DEBIAN - DSA-840

DEBIAN - DSA-798

DEBIAN - DSA-789

SECUNIA - 17440

SECUNIA - 17066

SECUNIA - 17053

SECUNIA - 16976

SECUNIA - 16693

SECUNIA - 16635

SECUNIA - 16619

SECUNIA - 16563

SECUNIA - 16558

SECUNIA - 16550

SECUNIA - 16491

SECUNIA - 16469

SECUNIA - 16468

SECUNIA - 16465

SECUNIA - 16460

SECUNIA - 16441

SECUNIA - 16432

SECUNIA - 16431

SUSE - SUSE-SA:2005:051

BUGTRAQ - 20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities


Last Updated: 27 May 2016 10:40:32