CVE - CVE-2005-3389

CVE-ID
CVE-2005-3389	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20051031 Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str() URL:http://www.securityfocus.com/archive/1/415291 MISC:http://www.hardened-php.net/advisory_192005.78.html CONFIRM:http://www.php.net/release_4_4_1.php CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm FEDORA:FLSA:166943 URL:http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html GENTOO:GLSA-200511-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml HP:HPSBMA02159 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 HP:SSRT061238 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 MANDRIVA:MDKSA-2005:213 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:213 OPENPKG:OpenPKG-SA-2005.027 URL:http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html REDHAT:RHSA-2005:831 URL:http://www.redhat.com/support/errata/RHSA-2005-831.html REDHAT:RHSA-2005:838 URL:http://www.redhat.com/support/errata/RHSA-2005-838.html REDHAT:RHSA-2006:0549 URL:http://rhn.redhat.com/errata/RHSA-2006-0549.html SUSE:SUSE-SA:2005:069 URL:http://www.securityfocus.com/archive/1/419504/100/0/threaded SUSE:SUSE-SR:2005:026 SUSE:SUSE-SR:2005:027 URL:http://www.novell.com/linux/security/advisories/2005_27_sr.html TURBO:TLSA-2006-38 URL:http://www.turbolinux.com/security/2006/TLSA-2006-38.txt UBUNTU:USN-232-1 URL:https://www.ubuntu.com/usn/usn-232-1/ BID:15249 URL:http://www.securityfocus.com/bid/15249 OVAL:oval:org.mitre.oval:def:11481 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11481 VUPEN:ADV-2005-2254 URL:http://www.vupen.com/english/advisories/2005/2254 VUPEN:ADV-2006-4320 URL:http://www.vupen.com/english/advisories/2006/4320 SECTRACK:1015131 URL:http://securitytracker.com/id?1015131 SECUNIA:17371 URL:http://secunia.com/advisories/17371 SECUNIA:18054 URL:http://secunia.com/advisories/18054 SECUNIA:18198 URL:http://secunia.com/advisories/18198 SECUNIA:17559 URL:http://secunia.com/advisories/17559 SECUNIA:17490 URL:http://secunia.com/advisories/17490 SECUNIA:17510 URL:http://secunia.com/advisories/17510 SECUNIA:17531 URL:http://secunia.com/advisories/17531 SECUNIA:17557 URL:http://secunia.com/advisories/17557 SECUNIA:18669 URL:http://secunia.com/advisories/18669 SECUNIA:21252 URL:http://secunia.com/advisories/21252 SECUNIA:22691 URL:http://secunia.com/advisories/22691 SREASON:134 URL:http://securityreason.com/securityalert/134
Assigning CNA
N/A
Date Entry Created
20051101	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051101)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org