Vulnerability-Lookup

CVE-2008-2051 (GCVE-0-2008-2051)

Vulnerability from cvelistv5 – Published: 2008-05-05 17:00 – Updated: 2024-08-07 08:49

Summary

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.vupen.com/english/advisories/2008/1412	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/492535/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/30288	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/32746	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30083	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://security.gentoo.org/glsa/glsa-200811-05.xml	vendor-advisoryx_refsource_GENTOO
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/29009	vdb-entryx_refsource_BID
	http://secunia.com/advisories/30828	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2008/2268	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2008/dsa-1572	vendor-advisoryx_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/30345	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-628-1	vendor-advisoryx_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/31124	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30967	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/31119	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/05/02/2	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/archive/1/492671/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/30411	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30158	third-party-advisoryx_refsource_SECUNIA
	http://www.php.net/ChangeLog-5.php	x_refsource_CONFIRM
	http://secunia.com/advisories/31200	third-party-advisoryx_refsource_SECUNIA
	http://www.slackware.com/security/viewer.php?l=sl…	vendor-advisoryx_refsource_SLACKWARE
	http://secunia.com/advisories/30757	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2008/dsa-1578	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/31326	third-party-advisoryx_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-2503	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-05…	vendor-advisoryx_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/30048	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:57.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-1412",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1412"
          },
          {
            "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
          },
          {
            "name": "30288",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30288"
          },
          {
            "name": "FEDORA-2008-3606",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
          },
          {
            "name": "32746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32746"
          },
          {
            "name": "30083",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30083"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "GLSA-200811-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
          },
          {
            "name": "RHSA-2008:0546",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
          },
          {
            "name": "FEDORA-2008-3864",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10256",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
          },
          {
            "name": "29009",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29009"
          },
          {
            "name": "30828",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30828"
          },
          {
            "name": "MDVSA-2008:128",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
          },
          {
            "name": "ADV-2008-2268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "DSA-1572",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1572"
          },
          {
            "name": "RHSA-2008:0582",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
          },
          {
            "name": "30345",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30345"
          },
          {
            "name": "USN-628-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-628-1"
          },
          {
            "name": "RHSA-2008:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
          },
          {
            "name": "31124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31124"
          },
          {
            "name": "30967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30967"
          },
          {
            "name": "31119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31119"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
          },
          {
            "name": "[oss-security] 20080502 CVE Request (PHP)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
          },
          {
            "name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
          },
          {
            "name": "30411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30411"
          },
          {
            "name": "30158",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "31200",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31200"
          },
          {
            "name": "SSA:2008-128-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
          },
          {
            "name": "30757",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30757"
          },
          {
            "name": "RHSA-2008:0544",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
          },
          {
            "name": "DSA-1578",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1578"
          },
          {
            "name": "SUSE-SR:2008:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
          },
          {
            "name": "MDVSA-2008:125",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
          },
          {
            "name": "31326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2503"
          },
          {
            "name": "RHSA-2008:0505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
          },
          {
            "name": "MDVSA-2008:126",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
          },
          {
            "name": "MDVSA-2008:127",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
          },
          {
            "name": "30048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30048"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2008-1412",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1412"
        },
        {
          "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
        },
        {
          "name": "30288",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30288"
        },
        {
          "name": "FEDORA-2008-3606",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
        },
        {
          "name": "32746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32746"
        },
        {
          "name": "30083",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30083"
        },
        {
          "name": "APPLE-SA-2008-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
        },
        {
          "name": "GLSA-200811-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
        },
        {
          "name": "RHSA-2008:0546",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
        },
        {
          "name": "FEDORA-2008-3864",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10256",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
        },
        {
          "name": "29009",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29009"
        },
        {
          "name": "30828",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30828"
        },
        {
          "name": "MDVSA-2008:128",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
        },
        {
          "name": "ADV-2008-2268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2268"
        },
        {
          "name": "DSA-1572",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1572"
        },
        {
          "name": "RHSA-2008:0582",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
        },
        {
          "name": "30345",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30345"
        },
        {
          "name": "USN-628-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-628-1"
        },
        {
          "name": "RHSA-2008:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
        },
        {
          "name": "31124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31124"
        },
        {
          "name": "30967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30967"
        },
        {
          "name": "31119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31119"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
        },
        {
          "name": "[oss-security] 20080502 CVE Request (PHP)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
        },
        {
          "name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
        },
        {
          "name": "30411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30411"
        },
        {
          "name": "30158",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php"
        },
        {
          "name": "31200",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31200"
        },
        {
          "name": "SSA:2008-128-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
        },
        {
          "name": "30757",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30757"
        },
        {
          "name": "RHSA-2008:0544",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
        },
        {
          "name": "DSA-1578",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1578"
        },
        {
          "name": "SUSE-SR:2008:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
        },
        {
          "name": "MDVSA-2008:125",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
        },
        {
          "name": "31326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31326"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2503"
        },
        {
          "name": "RHSA-2008:0505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
        },
        {
          "name": "MDVSA-2008:126",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
        },
        {
          "name": "MDVSA-2008:127",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
        },
        {
          "name": "30048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30048"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-2051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-1412",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1412"
            },
            {
              "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
            },
            {
              "name": "30288",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30288"
            },
            {
              "name": "FEDORA-2008-3606",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
            },
            {
              "name": "32746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32746"
            },
            {
              "name": "30083",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30083"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "GLSA-200811-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
            },
            {
              "name": "RHSA-2008:0546",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
            },
            {
              "name": "FEDORA-2008-3864",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10256",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
            },
            {
              "name": "29009",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29009"
            },
            {
              "name": "30828",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30828"
            },
            {
              "name": "MDVSA-2008:128",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "DSA-1572",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1572"
            },
            {
              "name": "RHSA-2008:0582",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
            },
            {
              "name": "30345",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30345"
            },
            {
              "name": "USN-628-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-628-1"
            },
            {
              "name": "RHSA-2008:0545",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
            },
            {
              "name": "31124",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31124"
            },
            {
              "name": "30967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30967"
            },
            {
              "name": "31119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31119"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
            },
            {
              "name": "[oss-security] 20080502 CVE Request (PHP)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
            },
            {
              "name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
            },
            {
              "name": "30411",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30411"
            },
            {
              "name": "30158",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30158"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "31200",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31200"
            },
            {
              "name": "SSA:2008-128-01",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
            },
            {
              "name": "30757",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30757"
            },
            {
              "name": "RHSA-2008:0544",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
            },
            {
              "name": "DSA-1578",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1578"
            },
            {
              "name": "SUSE-SR:2008:014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
            },
            {
              "name": "MDVSA-2008:125",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2503",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2503"
            },
            {
              "name": "RHSA-2008:0505",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
            },
            {
              "name": "MDVSA-2008:126",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
            },
            {
              "name": "MDVSA-2008:127",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
            },
            {
              "name": "30048",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30048"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2051",
    "datePublished": "2008-05-05T17:00:00.000Z",
    "dateReserved": "2008-05-02T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:49:57.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-388

Vulnerability from certfr_avis - Published: 2008-08-01 - Updated: 2008-08-01

Plusieurs vulnérabilités permettant entre autres l'exécution de code arbitraire à distance, et concernant le système d'exploitaiton Mac OS X, ont été corrigées.

Description

Plusieurs vulnérabilités concernant Mac OS X ont été corrigées :

Open Scripting Architecture : une mauvaise gestion des droits des plugins permet à un utilisateur malveillant local d'élever ses privilèges.
BIND : une mauvaise gestion de l'aléa et un vulnérabilité protocolaire permettent de corrompre le cache du DNS.
CarbonCore : une vulnérabilité dans les gestion des noms longs de fichier permet l'exécution de code arbitraire.
CoreGraphics : une corruption de mémoire permet l'exécution de code arbitraire, par exemple à l'aide d'un site Web spécifiquement réalisé.
CoreGraphics : un dépassement d'entier lors de la gestion de fichiers au format PDF permet l'exécution de code arbitraire.
Data Detectors Engine : la visualisation d'un message spécifiquement créé permet de provoquer un déni de service de l'application.
Disk Utility : après l'utilisation de l'outil Repair Permissions il est possible d'exécuter des commandes avec les droits sytème à l'aide d'emacs.
OpenLDAP : un message spécifiquement réalisé permet de provoquer un déni de service de l'application.
OpenSSL : une vulnérabilité dans la fonction SSL_get_shared_ciphers() permet de provoquer un déni de service de l'application.
PHP : plusieurs vulnérabilités, dont certaines permettant l'exécution de code arbitraire, ont été corrigées.
QuickLook : un document au format Microsoft Office spécifiquement réalisé permet l'exécution de code arbitraire.
rsync : l'utilisation de liens symboliques permet de modifier des fichiers hors du module.

Solution

Se référer au bulletin de sécurité d'Apple HT2647 du 1 août 2008 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.4.11 ;
N/A	N/A	Mac OS X Server 10.4 ;
N/A	N/A	Mac OS X 10.5.4.
N/A	N/A	Mac OS X Server 10.5 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT2647 du 1 août 2008	None	vendor-advisory
Bulletin de sécurité Apple HT2647 du 01 août 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant Mac OS X ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Open Scripting Architecture : une mauvaise gestion des droits des\n    plugins permet \u00e0 un utilisateur malveillant local d\u0027\u00e9lever ses\n    privil\u00e8ges.\n-   BIND : une mauvaise gestion de l\u0027al\u00e9a et un vuln\u00e9rabilit\u00e9\n    protocolaire permettent de corrompre le cache du DNS.\n-   CarbonCore : une vuln\u00e9rabilit\u00e9 dans les gestion des noms longs de\n    fichier permet l\u0027ex\u00e9cution de code arbitraire.\n-   CoreGraphics : une corruption de m\u00e9moire permet l\u0027ex\u00e9cution de code\n    arbitraire, par exemple \u00e0 l\u0027aide d\u0027un site Web sp\u00e9cifiquement\n    r\u00e9alis\u00e9.\n-   CoreGraphics : un d\u00e9passement d\u0027entier lors de la gestion de\n    fichiers au format PDF permet l\u0027ex\u00e9cution de code arbitraire.\n-   Data Detectors Engine : la visualisation d\u0027un message sp\u00e9cifiquement\n    cr\u00e9\u00e9 permet de provoquer un d\u00e9ni de service de l\u0027application.\n-   Disk Utility : apr\u00e8s l\u0027utilisation de l\u0027outil Repair Permissions il\n    est possible d\u0027ex\u00e9cuter des commandes avec les droits syt\u00e8me \u00e0\n    l\u0027aide d\u0027emacs.\n-   OpenLDAP : un message sp\u00e9cifiquement r\u00e9alis\u00e9 permet de provoquer un\n    d\u00e9ni de service de l\u0027application.\n-   OpenSSL : une vuln\u00e9rabilit\u00e9 dans la fonction\n    SSL_get_shared_ciphers() permet de provoquer un d\u00e9ni de service de\n    l\u0027application.\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettant\n    l\u0027ex\u00e9cution de code arbitraire, ont \u00e9t\u00e9 corrig\u00e9es.\n-   QuickLook : un document au format Microsoft Office sp\u00e9cifiquement\n    r\u00e9alis\u00e9 permet l\u0027ex\u00e9cution de code arbitraire.\n-   rsync : l\u0027utilisation de liens symboliques permet de modifier des\n    fichiers hors du module.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 d\u0027Apple HT2647 du 1 ao\u00fbt 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2324"
    },
    {
      "name": "CVE-2007-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5135"
    },
    {
      "name": "CVE-2007-6200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6200"
    },
    {
      "name": "CVE-2008-2051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2051"
    },
    {
      "name": "CVE-2008-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2322"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2008-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2325"
    },
    {
      "name": "CVE-2007-6199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6199"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1447"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2008-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2323"
    },
    {
      "name": "CVE-2008-2050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2050"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2008-2952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2952"
    }
  ],
  "initial_release_date": "2008-08-01T00:00:00",
  "last_revision_date": "2008-08-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 01 ao\u00fbt 2008 :",
      "url": "http://support.apple.com/kb/HT2647"
    }
  ],
  "reference": "CERTA-2008-AVI-388",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, et concernant le syst\u00e8me d\u0027exploitaiton Mac OS X,\nont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT2647 du 1 ao\u00fbt 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-225

Vulnerability from certfr_avis - Published: 2008-05-02 - Updated: 2008-06-25

De multiples vulnérabilités dans PHP 5 permettent l'exécution de code arbitraire à distance et le contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans PHP. L'une d'entre elles permet de contourner le mode safe_mode. D'autres failles permettent l'exécution de code arbitraire à distance.

Solution

Mettre PHP à jour en version 5.2.6 (cf. section Documentation).

PHP versions 5.2.5 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Notes de version PHP 5.2.6 du 01 mai 2008	None	vendor-advisory
Bulletin de sécurité Fedora FEDORA-2008-3864 du 20 juin 2008 :	-	other
Version 5.2.6 de PHP :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cTT\u003ePHP\u003c/TT\u003e versions 5.2.5 et ant\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. L\u0027une d\u0027entre\nelles permet de contourner le mode safe_mode. D\u0027autres failles\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre PHP \u00e0 jour en version 5.2.6 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2051"
    },
    {
      "name": "CVE-2008-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2107"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2108"
    }
  ],
  "initial_release_date": "2008-05-02T00:00:00",
  "last_revision_date": "2008-06-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2008-3864 du 20 juin    2008 :",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-june/msg00773.html"
    },
    {
      "title": "Version 5.2.6 de PHP :",
      "url": "http://www.php.net/downloads.php#v5"
    }
  ],
  "reference": "CERTA-2008-AVI-225",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-02T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux CVE et au bulletin de s\u00e9curit\u00e9 Fedora.",
      "revision_date": "2008-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans PHP 5 permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance et le contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de version PHP 5.2.6 du 01 mai 2008",
      "url": "http://www.php.net/ChangeLog-5.php"
    }
  ]
}

GHSA-RGM3-VGW5-F2FW

Vulnerability from github – Published: 2022-05-01 23:46 – Updated: 2022-05-01 23:46

Details

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2051"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-05-05T17:20:00Z",
    "severity": "HIGH"
  },
  "details": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\"",
  "id": "GHSA-rgm3-vgw5-f2fw",
  "modified": "2022-05-01T23:46:09Z",
  "published": "2022-05-01T23:46:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2051"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-2503"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30048"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30083"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30158"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30288"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30345"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30411"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30757"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30828"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31119"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31124"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31200"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32746"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1572"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1578"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29009"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-628-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1412"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-2051

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

Aliases

CVE-2008-2051

Aliases

CVE-2008-2051

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2051",
    "description": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\"",
    "id": "GSD-2008-2051",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2051.html",
      "https://www.debian.org/security/2008/dsa-1578",
      "https://www.debian.org/security/2008/dsa-1572",
      "https://access.redhat.com/errata/RHSA-2008:0582",
      "https://access.redhat.com/errata/RHSA-2008:0546",
      "https://access.redhat.com/errata/RHSA-2008:0545",
      "https://access.redhat.com/errata/RHSA-2008:0544",
      "https://access.redhat.com/errata/RHSA-2008:0505",
      "https://linux.oracle.com/cve/CVE-2008-2051.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2051"
      ],
      "details": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\"",
      "id": "GSD-2008-2051",
      "modified": "2023-12-13T01:23:01.198878Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-2051",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-1412",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1412"
          },
          {
            "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
          },
          {
            "name": "30288",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30288"
          },
          {
            "name": "FEDORA-2008-3606",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
          },
          {
            "name": "32746",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32746"
          },
          {
            "name": "30083",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30083"
          },
          {
            "name": "APPLE-SA-2008-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
          },
          {
            "name": "GLSA-200811-05",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
          },
          {
            "name": "RHSA-2008:0546",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
          },
          {
            "name": "FEDORA-2008-3864",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10256",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
          },
          {
            "name": "29009",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29009"
          },
          {
            "name": "30828",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30828"
          },
          {
            "name": "MDVSA-2008:128",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
          },
          {
            "name": "ADV-2008-2268",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2268"
          },
          {
            "name": "DSA-1572",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1572"
          },
          {
            "name": "RHSA-2008:0582",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
          },
          {
            "name": "30345",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30345"
          },
          {
            "name": "USN-628-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-628-1"
          },
          {
            "name": "RHSA-2008:0545",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
          },
          {
            "name": "31124",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31124"
          },
          {
            "name": "30967",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30967"
          },
          {
            "name": "31119",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31119"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
          },
          {
            "name": "[oss-security] 20080502 CVE Request (PHP)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
          },
          {
            "name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
          },
          {
            "name": "30411",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30411"
          },
          {
            "name": "30158",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30158"
          },
          {
            "name": "http://www.php.net/ChangeLog-5.php",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/ChangeLog-5.php"
          },
          {
            "name": "31200",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31200"
          },
          {
            "name": "SSA:2008-128-01",
            "refsource": "SLACKWARE",
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
          },
          {
            "name": "30757",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30757"
          },
          {
            "name": "RHSA-2008:0544",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
          },
          {
            "name": "DSA-1578",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1578"
          },
          {
            "name": "SUSE-SR:2008:014",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
          },
          {
            "name": "MDVSA-2008:125",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
          },
          {
            "name": "31326",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31326"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-2503",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-2503"
          },
          {
            "name": "RHSA-2008:0505",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
          },
          {
            "name": "MDVSA-2008:126",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
          },
          {
            "name": "MDVSA-2008:127",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
          },
          {
            "name": "30048",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30048"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-2051"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.php.net/ChangeLog-5.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/ChangeLog-5.php"
            },
            {
              "name": "[oss-security] 20080502 CVE Request (PHP)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2503",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-2503"
            },
            {
              "name": "DSA-1578",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1578"
            },
            {
              "name": "29009",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29009"
            },
            {
              "name": "30048",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30048"
            },
            {
              "name": "30288",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30288"
            },
            {
              "name": "30345",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30345"
            },
            {
              "name": "31119",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31119"
            },
            {
              "name": "MDVSA-2008:128",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
            },
            {
              "name": "31200",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31200"
            },
            {
              "name": "MDVSA-2008:125",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
            },
            {
              "name": "31124",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31124"
            },
            {
              "name": "30411",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30411"
            },
            {
              "name": "SUSE-SR:2008:014",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
            },
            {
              "name": "APPLE-SA-2008-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
            },
            {
              "name": "FEDORA-2008-3864",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
            },
            {
              "name": "RHSA-2008:0545",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
            },
            {
              "name": "MDVSA-2008:126",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
            },
            {
              "name": "RHSA-2008:0582",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
            },
            {
              "name": "RHSA-2008:0546",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
            },
            {
              "name": "FEDORA-2008-3606",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
            },
            {
              "name": "30828",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30828"
            },
            {
              "name": "MDVSA-2008:127",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
            },
            {
              "name": "30967",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30967"
            },
            {
              "name": "USN-628-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-628-1"
            },
            {
              "name": "RHSA-2008:0505",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
            },
            {
              "name": "30757",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30757"
            },
            {
              "name": "31326",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31326"
            },
            {
              "name": "RHSA-2008:0544",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
            },
            {
              "name": "30158",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30158"
            },
            {
              "name": "DSA-1572",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1572"
            },
            {
              "name": "30083",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30083"
            },
            {
              "name": "ADV-2008-1412",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1412"
            },
            {
              "name": "ADV-2008-2268",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2268"
            },
            {
              "name": "32746",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32746"
            },
            {
              "name": "GLSA-200811-05",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
            },
            {
              "name": "SSA:2008-128-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
            },
            {
              "name": "oval:org.mitre.oval:def:10256",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
            },
            {
              "name": "20080527 rPSA-2008-0178-1 php php-mysql php-pgsql",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
            },
            {
              "name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:38Z",
      "publishedDate": "2008-05-05T17:20Z"
    }
  }
}

FKIE_CVE-2008-2051

Vulnerability from fkie_nvd - Published: 2008-05-05 17:20 - Updated: 2025-04-09 00:30

Severity ?

Summary

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

References

	URL	Tags
	secalert@redhat.com	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
	secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
	secalert@redhat.com	http://secunia.com/advisories/30048
	secalert@redhat.com	http://secunia.com/advisories/30083
	secalert@redhat.com	http://secunia.com/advisories/30158
	secalert@redhat.com	http://secunia.com/advisories/30288
	secalert@redhat.com	http://secunia.com/advisories/30345
	secalert@redhat.com	http://secunia.com/advisories/30411
	secalert@redhat.com	http://secunia.com/advisories/30757
	secalert@redhat.com	http://secunia.com/advisories/30828
	secalert@redhat.com	http://secunia.com/advisories/30967
	secalert@redhat.com	http://secunia.com/advisories/31119
	secalert@redhat.com	http://secunia.com/advisories/31124
	secalert@redhat.com	http://secunia.com/advisories/31200
	secalert@redhat.com	http://secunia.com/advisories/31326
	secalert@redhat.com	http://secunia.com/advisories/32746
	secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200811-05.xml
	secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
	secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
	secalert@redhat.com	http://www.debian.org/security/2008/dsa-1572
	secalert@redhat.com	http://www.debian.org/security/2008/dsa-1578
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2008/05/02/2
	secalert@redhat.com	http://www.php.net/ChangeLog-5.php
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0505.html
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0544.html
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0545.html
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0546.html
	secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0582.html
	secalert@redhat.com	http://www.securityfocus.com/archive/1/492535/100/0/threaded
	secalert@redhat.com	http://www.securityfocus.com/archive/1/492671/100/0/threaded
	secalert@redhat.com	http://www.securityfocus.com/bid/29009
	secalert@redhat.com	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
	secalert@redhat.com	http://www.ubuntu.com/usn/usn-628-1
	secalert@redhat.com	http://www.vupen.com/english/advisories/2008/1412
	secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2268
	secalert@redhat.com	https://issues.rpath.com/browse/RPL-2503
	secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256
	secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
	secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30048
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30083
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30158
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30288
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30345
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30411
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30757
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30828
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30967
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31119
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31124
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31200
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31326
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32746
	af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200811-05.xml
	af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
	af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1572
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1578
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/05/02/2
	af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/ChangeLog-5.php
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0505.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0544.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0545.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0546.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0582.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492535/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/492671/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29009
	af854a3a-2127-422b-91ae-364da2661108	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-628-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1412
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2268
	af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-2503
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html

Impacted products

Vendor	Product	Version
php	php	*
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18255FF5-3F40-483F-85DC-21D9B6B4FE07",
              "versionEndIncluding": "5.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n escapeshellcmd API en PHP anterior a 5.2.6 tiene impacto desconocido y vectores de ataque dependientes del contexto relacionados con \"caracteres multibyte incompletos\"."
    }
  ],
  "id": "CVE-2008-2051",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-05T17:20:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30048"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30158"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30288"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30345"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30411"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30757"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30828"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31119"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31124"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31200"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32746"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1572"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1578"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/29009"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-628-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1412"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2503"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492671/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.488951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-628-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2051 (GCVE-0-2008-2051)

CERTA-2008-AVI-388

Description

Solution

CERTA-2008-AVI-225

Description

Solution

GHSA-RGM3-VGW5-F2FW

GSD-2008-2051

FKIE_CVE-2008-2051

Tags

Sightings

Nomenclature