CVE-2002-0081
Published: 2002-03-08
CVE-2002-0081: Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute…
Priority P346 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 24.26% (97.6th percentile)
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
Detection & IOCs (extracted from sources)
- Exploit is delivered via a multipart/form-data HTTP POST request; inspect POST requests with Content-Type: multipart/form-data targeting PHP endpoints for oversized or malformed MIME boundary fields
- Vulnerable code paths are php_mime_split (PHP 4.x) and php3_mime_split (PHP 3.0.x); look for crashes or anomalous behaviour in these functions during MIME parsing
- Attack surface is only present when file_uploads is enabled in php.ini; audit PHP configurations for file_uploads = On as a prerequisite indicator
- The vulnerability is only exploitable when the file_uploads directive is enabled in the PHP configuration; systems with file_uploads disabled are not affected
- Affected versions are PHP 4.1.0, 4.1.1, 4.0.6 and earlier (php_mime_split), and PHP 3.0.x (php3_mime_split); version identification is necessary to scope detection
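A scoping check for the two prerequisites listed above (affected version and file_uploads), as an added example that is not part of the original record. The function names and sample inventory are hypothetical, and it assumes PHP's documented default of file_uploads = 1 when the directive is absent from php.ini.

```python
import re

# php.ini boolean spellings that PHP reads as "on" (case-insensitive).
_ON = {"1", "on", "true", "yes"}

def file_uploads_enabled(ini_text):
    """Effective file_uploads value: the last assignment wins, default is on."""
    enabled = True  # assumption: directive absent means PHP's default of "1"
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"(?i)file_uploads\s*=\s*(.*)$", line)
        if m:
            enabled = m.group(1).strip().strip("\"'").lower() in _ON
    return enabled

def version_affected(version):
    """Ranges from the CVE text: 3.0.x, 4.0.6 and earlier, 4.1.0, 4.1.1."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None  # e.g. "4.0": cannot be placed, needs manual review
    major, minor, patch = map(int, m.groups())
    if major == 3:
        return minor == 0
    if major == 4:
        return (minor == 0 and patch <= 6) or (minor == 1 and patch <= 1)
    return False

def scope_host(version, ini_text):
    """Classify one host for CVE-2002-0081 triage."""
    affected = version_affected(version)
    if affected is None:
        return "review"
    if not affected:
        return "not-affected"
    return "exposed" if file_uploads_enabled(ini_text) else "affected-uploads-off"

# Constructed sample inventory: (host, PHP version string, php.ini text).
SAMPLE_HOSTS = [
    ("web1", "4.1.1", "[PHP]\n;file_uploads = Off\n"),     # commented out
    ("web2", "4.0.4pl1", "file_uploads = Off ; no uploads\n"),
    ("web3", "4.1.2", "file_uploads = On\n"),
]

if __name__ == "__main__":
    for host, version, ini in SAMPLE_HOSTS:
        print(host, version, scope_host(version, ini))
```

The check reads php.ini text only; a value set elsewhere, such as in web server configuration, is not seen by it.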
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-cp2r-h7c2-j66v: Buffer overflows in (1) php_mime_split in PHP 4
ghsa_unreviewed·2022-04-30
CVE-2002-0081 [HIGH] GHSA-cp2r-h7c2-j66v: Buffer overflows in (1) php_mime_split in PHP 4
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Red Hat
security flaw
vendor_redhat·2002-02-27·CVSS 7.5
CVE-2002-0081 [HIGH] security flaw
security flaw
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2002-0081 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2002-0081 [HIGH] CVE-2002-0081 security flaw
CVE-2002-0081 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
Bugzilla
CAN-2003-0977 fix pushed for RH9, but not FC1
bugzilla·2004-03-20
[MEDIUM] CAN-2003-0977 fix pushed for RH9, but not FC1
CAN-2003-0977 fix pushed for RH9, but not FC1
Description of problem:
CAN-2003-0977 fix pushed for RH9, but not FC1
Version-Release number of selected component (if applicable):
cvs-1.11.5-3
Additional info:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111221#c5
https://rhn.redhat.com/errata/RHSA-2004-003.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
Discussion:
A rebuild from cvs-1.11.11-1 (or higher) from Fedora Development
at Fedora Core 1 solves the problem, so maybe one of the Red Hat
maintainers could do that? Would be very nice :)
BTW: Maybe the kerberos 4 support has to be disabled.
---
Maybe that issue is fixed soon by one of
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
- http://marc.info/?l=bugtraq&m=101484705523351&w=2
- http://marc.info/?l=bugtraq&m=101497256024338&w=2
- http://marc.info/?l=bugtraq&m=101537076619812&w=2
- http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
- http://marc.info/?l=vuln-dev&m=101468694824998&w=2
- http://online.securityfocus.com/advisories/3911
- http://security.e-matters.de/advisories/012002.html
- http://www.cert.org/advisories/CA-2002-05.html
- http://www.debian.org/security/2002/dsa-115
- http://www.iss.net/security_center/static/8281.php
- http://www.kb.cert.org/vuls/id/297363
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
- http://www.linuxsecurity.com/advisories/other_advisory-1924.html
- http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
- http://www.php.net/downloads.php
- http://www.redhat.com/support/errata/RHSA-2002-035.html
- http://www.redhat.com/support/errata/RHSA-2002-040.html
- http://www.securityfocus.com/bid/4183
Published: 2002-03-08