CVE-2005-3390
Published 2005-11-01
Priority P260 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 65.51% (99.2th percentile)
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
Detection & IOCs
- Detect multipart/form-data POST requests containing a file upload field named 'GLOBALS', which is the core exploitation mechanism for this CVE.
- Monitor POST requests targeting e107 CMS path 'e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php' as a known exploitation target for this vulnerability.
- Look for the MIME boundary string '-----------------------------7d529a1d23092a' in HTTP request bodies as a fingerprint of this specific exploit.
- Flag PHP environments where register_globals is enabled (register_globals=on), as exploitation of this CVE requires that configuration.
- This vulnerability is only exploitable when PHP's register_globals directive is enabled. Systems with register_globals=off are not affected.
- Affected versions are PHP 4.x up to and including 4.4.0 and PHP 5.x up to and including 5.0.5. The exploit PoC also notes the check: 'register_globals=off here or wrong PHP version'.
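One way to implement the first detection item above, as an added example (not code from the advisory or from any vendor): it parses a captured request body with Python's standard MIME parser and reports file-upload parts whose field name addresses GLOBALS. The function names, the constructed sample requests, and the choice to also match array-style names such as `GLOBALS[...]` are assumptions made here.

```python
from email.parser import BytesParser


def globals_upload_fields(content_type: str, body: bytes) -> list[str]:
    """Return field names of file-upload parts that address the GLOBALS array."""
    if not content_type.strip().lower().startswith("multipart/form-data"):
        return []
    # Reuse the stdlib MIME parser: feed it the request's Content-Type header
    # followed by the raw body so it splits on the declared boundary.
    raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
    msg = BytesParser().parsebytes(raw)
    if not msg.is_multipart():
        return []  # boundary missing or body does not match it
    hits = []
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        # A part counts as a file upload when a filename parameter is present,
        # even an empty one.
        is_file = part.get_param("filename", header="content-disposition") is not None
        # Assumption: treat "GLOBALS[key]" like "GLOBALS" (same base variable).
        if isinstance(name, str) and is_file and name.split("[", 1)[0] == "GLOBALS":
            hits.append(name)
    return hits


def build_body(boundary: str, parts) -> bytes:
    """Constructed-sample helper: encode (name, filename, data) tuples."""
    out = b""
    for name, filename, data in parts:
        disp = f'form-data; name="{name}"'
        if filename is not None:
            disp += f'; filename="{filename}"'
        head = f"--{boundary}\r\nContent-Disposition: {disp}\r\n\r\n"
        out += head.encode() + data + b"\r\n"
    return out + f"--{boundary}--\r\n".encode()


# Constructed samples, not captured traffic.
BOUNDARY = "constructed-sample-boundary"
CT = f"multipart/form-data; boundary={BOUNDARY}"
SUSPICIOUS = build_body(BOUNDARY, [("comment", None, b"hi"),
                                   ("GLOBALS", "a.txt", b"x")])
BENIGN = build_body(BOUNDARY, [("GLOBALS", None, b"plain text field"),
                               ("avatar", "me.png", b"\x89PNG")])

if __name__ == "__main__":
    print(globals_upload_fields(CT, SUSPICIOUS))
    print(globals_upload_fields(CT, BENIGN))
```

A hit is only meaningful on hosts that also match the configuration and version conditions listed above.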
CVSS provenance
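| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 2.1 | LOW | — |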
GHSA
GHSA-66vq-qwrh-g7rq: The RFC1867 file upload feature in PHP 4
ghsa_unreviewed·2022-05-01
CVE-2005-3390 [HIGH] GHSA-66vq-qwrh-g7rq: The RFC1867 file upload feature in PHP 4
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2005-12-23·CVSS 2.1
CVE-2005-3319 [LOW] PHP vulnerabilities
Eric Romang discovered a local Denial of Service vulnerability in the
handling of the 'session.save_path' parameter in PHP's Apache 2.0
module. By setting this parameter to an invalid value in an .htaccess
file, a local user could crash the Apache server. (CVE-2005-3319)
A Denial of Service flaw was found in the EXIF module. By sending an
image with specially crafted EXIF data to a PHP program that
automatically evaluates them (e. g. a web gallery), a remote attacker
could cause an infinite recursion in the PHP interpreter, which caused
the web server to crash. (CVE-2005-3353)
Stefan Esser reported a Cross Site Scripting vulnerability in the
phpinfo() function. By tricking a user into retrieving a specially
crafted URL to a PHP pa
Red Hat
security flaw
vendor_redhat·2005-10-31·CVSS 7.5
CVE-2005-3390 [HIGH] security flaw
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Bugzilla
CVE-2005-3390 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2005-3390 [HIGH] CVE-2005-3390 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Bugzilla
CVE-2005-3388 multiple PHP issues (CVE-2006-1990 CVE-2005-3389 CVE-2005-3390)
bugzilla·2006-06-19·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 multiple PHP issues (CVE-2006-1990 CVE-2005-3389 CVE-2005-3390)
Several security issues were found in the PHP package in Stronghold 4.0:
The wordwrap() PHP function did not properly check for integer overflow in
the way the "break" parameter was handled. An attacker who could control a
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)
The phpinfo() PHP function did not properly sanitize long strings. This
could allow an attacker to perform cross-site scripting attacks against
sites that had publicly-available PHP scripts that called phpinfo().
(CVE-2006-0996)
A flaw in the way PHP registered global variables during a file upload
request was discovered. A remote attacker could submit a carefully crafted
multipart/form-data POST request tha
Bugzilla
CVE-2005-3390 PHP register globals arbitrary code execution
bugzilla·2005-11-25·CVSS 7.5
CVE-2005-3390 [HIGH] CVE-2005-3390 PHP register globals arbitrary code execution
FC5test1 tracking bug
+++ This bug was initially created as a clone of Bug #172207 +++
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5,
when register_globals is enabled, allows remote attackers to modify the
GLOBALS array and bypass security protections of PHP applications via a
multipart/form-data POST request with a "GLOBALS" fileupload field.
http://www.hardened-php.net/advisory_202005.79.html
This issue should also affect FC3
-- Additional comment from [email protected] on 2005-11-08 06:28 EST --
*** Bug 172200 has been marked as a duplicate of this bug. ***
Discussion:
leaving vulnerable for FC5test2 until we check to make sure this is actually
fixed in upstream 5.1.1
---
ping! if fixed in
Bugzilla
CVE-2005-3390 PHP register globals arbitrary code execution
bugzilla·2005-11-01·CVSS 7.5
CVE-2005-3390 [HIGH] CVE-2005-3390 PHP register globals arbitrary code execution
+++ This bug was initially created as a clone of Bug #172207 +++
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5,
when register_globals is enabled, allows remote attackers to modify the
GLOBALS array and bypass security protections of PHP applications via a
multipart/form-data POST request with a "GLOBALS" fileupload field.
http://www.hardened-php.net/advisory_202005.79.html
This issue should also affect FC3
Discussion:
*** Bug 172200 has been marked as a duplicate of this bug. ***
---
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.
Bugzilla
CVE-2005-3390 PHP register globals arbitrary code execution
bugzilla·2005-11-01·CVSS 7.5
CVE-2005-3390 [HIGH] CVE-2005-3390 PHP register globals arbitrary code execution
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5,
when register_globals is enabled, allows remote attackers to modify the
GLOBALS array and bypass security protections of PHP applications via a
multipart/form-data POST request with a "GLOBALS" fileupload field.
http://www.hardened-php.net/advisory_202005.79.html
This issue should also affect RHEL2.1 and RHEL3
Discussion:
Is there an ETA on a fix for 4WS users?
Thank you,
Ryan Spaulding
NASA Ames Research Center
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
ple
References
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
- http://rhn.redhat.com/errata/RHSA-2006-0549.html
- http://secunia.com/advisories/17371
- http://secunia.com/advisories/17490
- http://secunia.com/advisories/17510
- http://secunia.com/advisories/17531
- http://secunia.com/advisories/17557
- http://secunia.com/advisories/17559
- http://secunia.com/advisories/18054
- http://secunia.com/advisories/18198
- http://secunia.com/advisories/18669
- http://secunia.com/advisories/21252
- http://secunia.com/advisories/22691
- http://securityreason.com/securityalert/132
- http://securitytracker.com/id?1015129
- http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm
- http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
- http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
- http://www.hardened-php.net/advisory_202005.79.html
- http://www.hardened-php.net/globals-problem
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
- http://www.novell.com/linux/security/advisories/2005_27_sr.html
- http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
- http://www.php.net/release_4_4_1.php
- http://www.redhat.com/support/errata/RHSA-2005-831.html
- http://www.redhat.com/support/errata/RHSA-2005-838.html
- http://www.securityfocus.com/archive/1/415290/30/0/threaded
- http://www.securityfocus.com/archive/1/419504/100/0/threaded
- http://www.securityfocus.com/bid/15250
- http://www.vupen.com/english/advisories/2005/2254
- http://www.vupen.com/english/advisories/2006/4320
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537
- https://www.ubuntu.com/usn/usn-232-1/