Signature Detail
Short Name |
HTTP:PHP:GLOBALS-INJ |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
PHP GLOBALS Variable Overwrite |
Release Date |
2005/04/21 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: PHP GLOBALS Variable Overwrite
This signature detects attempts to misuse the PHP GLOBALS variable. PHP 5.0.3 and earlier versions are vulnerable. Attackers can overwrite the GLOBALS variable.
Extended Description
PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.
Affected Products
- Avaya Intuity LX
- Avaya Message Networking
- Avaya Messaging Storage Server
- e107 e107 website system 0.7.5
- Gentoo Linux
- HP System Management Homepage 2.0.0
- HP System Management Homepage 2.0.1
- HP System Management Homepage 2.0.2
- HP System Management Homepage 2.1.0
- HP System Management Homepage 2.1.1
- HP System Management Homepage 2.1.2
- HP System Management Homepage 2.1.3
- HP System Management Homepage 2.1.3 .132
- HP System Management Homepage 2.1.4
- Mandriva Corporate Server 2.1.0
- Mandriva Corporate Server 2.1.0 X86 64
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 10.1.0
- Mandriva Linux Mandrake 10.1.0 X86 64
- Mandriva Linux Mandrake 10.2.0
- Mandriva Linux Mandrake 10.2.0 X86 64
- Mandriva Linux Mandrake 2006.0.0
- Mandriva Linux Mandrake 2006.0.0 X86 64
- Mandriva Multi Network Firewall 2.0.0
- OpenPKG 2.3.0
- OpenPKG 2.4.0
- OpenPKG 2.5.0
- OpenPKG Current
- PHP 3.0.0 0
- PHP 3.0.0 .10
- PHP 3.0.0 .11
- PHP 3.0.0 .12
- PHP 3.0.0 .13
- PHP 3.0.0 .16
- PHP 3.0.1
- PHP 3.0.10
- PHP 3.0.11
- PHP 3.0.12
- PHP 3.0.13
- PHP 3.0.14
- PHP 3.0.15
- PHP 3.0.16
- PHP 3.0.17
- PHP 3.0.18
- PHP 3.0.2
- PHP 3.0.3
- PHP 3.0.4
- PHP 3.0.5
- PHP 3.0.6
- PHP 3.0.7
- PHP 3.0.8
- PHP 3.0.9
- PHP 4.0.0 0
- PHP 4.0.1
- PHP 4.0.1 Pl1
- PHP 4.0.1 Pl2
- PHP 4.0.2
- PHP 4.0.3
- PHP 4.0.3 Pl1
- PHP 4.0.4
- PHP 4.0.5
- PHP 4.0.6
- PHP 4.0.7
- PHP 4.0.7 RC1
- PHP 4.0.7 RC2
- PHP 4.0.7 RC3
- PHP 4.1.0 .0
- PHP 4.1.1
- PHP 4.1.2
- PHP 4.2.0 .0
- PHP 4.2.0 -Dev
- PHP 4.2.1
- PHP 4.2.2
- PHP 4.2.3
- PHP 4.3.0
- PHP 4.3.1
- PHP 4.3.10
- PHP 4.3.11
- PHP 4.3.2
- PHP 4.3.3
- PHP 4.3.4
- PHP 4.3.5
- PHP 4.3.6
- PHP 4.3.7
- PHP 4.3.8
- PHP 4.3.9
- PHP 4.4.0 .0
- PHP 5.0.0 .0
- PHP 5.0.0 Candidate 1
- PHP 5.0.0 Candidate 2
- PHP 5.0.0 Candidate 3
- PHP 5.0.1
- PHP 5.0.2
- PHP 5.0.3
- PHP 5.0.4
- PHP 5.0.5
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora Core1
- Red Hat Fedora Core2
- Red Hat Fedora Core3
- Red Hat Fedora Core4
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 9.0.0 I386
- Red Hat Stronghold 4.0.0
- SGI ProPack 3.0.0 SP6
- SuSE Linux Desktop 1.0.0
- SuSE Linux Enterprise Server for S/390 9.0.0
- SuSE Linux Openexchange Server
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 8.2.0
- SuSE Linux Personal 9.0.0
- SuSE Linux Personal 9.0.0 X86 64
- SuSE Linux Personal 9.1.0
- SuSE Linux Personal 9.1.0 X86 64
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Linux Personal 9.3.0 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 8.2.0
- SuSE Linux Professional 9.0.0
- SuSE Linux Professional 9.0.0 X86 64
- SuSE Linux Professional 9.1.0
- SuSE Linux Professional 9.1.0 X86 64
- SuSE Linux Professional 9.2.0
- SuSE Linux Professional 9.2.0 X86 64
- SuSE Linux Professional 9.3.0
- SuSE Linux Professional 9.3.0 X86 64
- SuSE Novell Linux Desktop 9.0.0
- SuSE Open-Enterprise-Server 9.0.0
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SuSE Linux Openexchange Server 4.0.0
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- SuSE UnitedLinux 1.0.0
- Trustix Secure Enterprise Linux 2.0.0
- Trustix Secure Linux 2.2.0
- Trustix Secure Linux 3.0.0
- Turbolinux Appliance Server 1.0.0 Hosting Edition
- Turbolinux Appliance Server 1.0.0 Workgroup Edition
- Turbolinux Appliance Server Hosting Edition 1.0.0
- Turbolinux Appliance Server Workgroup Edition 1.0.0
- Turbolinux Turbolinux Server 10.0.0
- Turbolinux Turbolinux Server 7.0.0
- Turbolinux Turbolinux Server 8.0.0
- Turbolinux Turbolinux Workstation 7.0.0
- Turbolinux Turbolinux Workstation 8.0.0
- Ubuntu Ubuntu Linux 5.0.0 4 Amd64
- Ubuntu Ubuntu Linux 5.0.0 4 I386
- Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
- Ubuntu Ubuntu Linux 5.10.0 Amd64
- Ubuntu Ubuntu Linux 5.10.0 I386
- Ubuntu Ubuntu Linux 5.10.0 Powerpc
References
- BugTraq: 15250
- CVE: CVE-2005-3390
- URL: http://www.php.net/ChangeLog-5.php#5.0.4
- URL: http://www.net-security.org/vuln.php?id=4116