Vulnerabilities > CVE-2004-0959 - Unspecified vulnerability in PHP

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
php
nessus
NVD
Published: 2004-11-03
Updated: 2017-10-11

Summary

rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.

Vulnerable Configurations

Part Description Count
Application
Php
269

Nessus

  • NASL familyCGI abuses
    NASL idPHP_ARBITRARY_FILE_UPLOAD.NASL
    descriptionThe remote host is running a version of PHP that is older than 4.3.9 or 5.0.2. The remote version of this software is affected by an unspecified file upload vulnerability that could allow a local attacker to upload arbitrary files to the server. ** This flaw can only be exploited locally.
    last seen2020-06-01
    modified2020-06-02
    plugin id14770
    published2004-09-17
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14770
    titlePHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-567.NASL
    descriptionThis update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE-2004-1019), exif image parsing (CVE-2004-1065), and form upload parsing (CVE-2004-0958 and CVE-2004-0959). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16030
    published2004-12-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16030
    titleFedora Core 2 : php-4.3.10-2.4 (2004-567)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-687.NASL
    descriptionUpdated php packages that fix various security issues and bugs are now available for Red Hat Enterprise Linux 3. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Flaws including possible information disclosure, double free, and negative reference index array underflow were found in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1019 to this issue. A flaw in the exif extension of PHP was found which lead to a stack overflow. An attacker could create a carefully crafted image file in such a way that if parsed by a PHP script using the exif extension it could cause a crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1065 to this issue. An information disclosure bug was discovered in the parsing of
    last seen2020-06-01
    modified2020-06-02
    plugin id16041
    published2004-12-23
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16041
    titleRHEL 3 : php (RHSA-2004:687)

Oval

accepted2013-04-29T04:10:17.608-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionrfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
familyunix
idoval:org.mitre.oval:def:10961
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlerfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
version26

Redhat

advisories
rhsa
idRHSA-2004:687
rpms
  • php-0:4.3.2-19.ent
  • php-debuginfo-0:4.3.2-19.ent
  • php-devel-0:4.3.2-19.ent
  • php-imap-0:4.3.2-19.ent
  • php-ldap-0:4.3.2-19.ent
  • php-mysql-0:4.3.2-19.ent
  • php-odbc-0:4.3.2-19.ent
  • php-pgsql-0:4.3.2-19.ent

References