Oval Definition:oval:org.mitre.oval:def:5510
Revision Date:2015-04-20Version:26
Title:HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code
Description:The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-0599
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02342
  • HP-UX B.11.11
  • AND filesets tests
  • hpuxwsAPACHE.PHP version is less than B.2.0.59.04.2
  • OR hpuxwsAPACHE.PHP2 version is less than B.2.0.59.04.2
  • OR Criteria meets HP Security Bulletin HPSBUX02342
  • platforms
  • HP-UX B.11.23
  • OR HP-UX B.11.31
  • AND filesets tests
  • hpuxwsAPCH32.PHP version is less than B.2.0.59.04.2
  • OR hpuxwsAPCH32.PHP2 version is less than B.2.0.59.04.2
  • OR hpuxwsAPACHE.PHP version is less than B.2.0.59.04.2
  • OR hpuxwsAPACHE.PHP2 version is less than B.2.0.59.04.2
    • BACK