cbcvebase.
CVE-2002-0081
published 2002-03-08

CVE-2002-0081: Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute…

PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
24.26%
97.6th percentile
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Affected

4 ranges
VendorProductVersion rangeFixed in
phpphp
phpphp
phpphp
phpphp

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit is delivered via a multipart/form-data HTTP POST request; inspect POST requests with Content-Type: multipart/form-data targeting PHP endpoints for oversized or malformed MIME boundary fields
  • Vulnerable code paths are php_mime_split (PHP 4.x) and php3_mime_split (PHP 3.0.x); look for crashes or anomalous behaviour in these functions during MIME parsing
  • Attack surface is only present when file_uploads is enabled in php.ini; audit PHP configurations for file_uploads = On as a prerequisite indicator
  • ·The vulnerability is only exploitable when the file_uploads directive is enabled in the PHP configuration; systems with file_uploads disabled are not affected
  • ·Affected versions are PHP 4.1.0, 4.1.1, 4.0.6 and earlier (php_mime_split), and PHP 3.0.x (php3_mime_split); version identification is necessary to scope detection

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.