CVE - CVE-2005-3390

CVE-ID
CVE-2005-3390	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:15250 URL:http://www.securityfocus.com/bid/15250 BUGTRAQ:20051031 Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability URL:http://www.securityfocus.com/archive/1/415290/30/0/threaded CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm CONFIRM:http://www.php.net/release_4_4_1.php FEDORA:FLSA:166943 URL:http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html GENTOO:GLSA-200511-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml HP:HPSBMA02159 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 HP:SSRT061238 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 MANDRIVA:MDKSA-2005:213 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:213~~ (Obsolete source) MISC:http://www.hardened-php.net/advisory_202005.79.html MISC:http://www.hardened-php.net/globals-problem OPENPKG:OpenPKG-SA-2005.027 URL:http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html OVAL:oval:org.mitre.oval:def:10537 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537 REDHAT:RHSA-2005:831 URL:http://www.redhat.com/support/errata/RHSA-2005-831.html REDHAT:RHSA-2005:838 URL:http://www.redhat.com/support/errata/RHSA-2005-838.html REDHAT:RHSA-2006:0549 URL:http://rhn.redhat.com/errata/RHSA-2006-0549.html SECTRACK:1015129 URL:http://securitytracker.com/id?1015129 SECUNIA:17371 URL:http://secunia.com/advisories/17371 SECUNIA:17490 URL:http://secunia.com/advisories/17490 SECUNIA:17510 URL:http://secunia.com/advisories/17510 SECUNIA:17531 URL:http://secunia.com/advisories/17531 SECUNIA:17557 URL:http://secunia.com/advisories/17557 SECUNIA:17559 URL:http://secunia.com/advisories/17559 SECUNIA:18054 URL:http://secunia.com/advisories/18054 SECUNIA:18198 URL:http://secunia.com/advisories/18198 SECUNIA:18669 URL:http://secunia.com/advisories/18669 SECUNIA:21252 URL:http://secunia.com/advisories/21252 SECUNIA:22691 URL:http://secunia.com/advisories/22691 SREASON:132 URL:http://securityreason.com/securityalert/132 SUSE:SUSE-SA:2005:069 URL:http://www.securityfocus.com/archive/1/419504/100/0/threaded SUSE:SUSE-SR:2005:026 SUSE:SUSE-SR:2005:027 URL:http://www.novell.com/linux/security/advisories/2005_27_sr.html UBUNTU:USN-232-1 URL:https://www.ubuntu.com/usn/usn-232-1/ VUPEN:ADV-2005-2254 URL:~~http://www.vupen.com/english/advisories/2005/2254~~ (Obsolete source) VUPEN:ADV-2006-4320 URL:~~http://www.vupen.com/english/advisories/2006/4320~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20051101	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20051101)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)