HTTP: PHP GLOBALS Variable Overwrite
This signature detects attempts to misuse the PHP GLOBALS variable. PHP 5.0.3 and earlier versions are vulnerable. Attackers can overwrite the GLOBALS variable.
Extended Description
PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.
Affected Products
Hp system_management_homepage
References
BugTraq: 15250
CVE: CVE-2005-3390
URL: http://www.php.net/ChangeLog-5.php#5.0.4 http://www.net-security.org/vuln.php?id=4116
Short Name
HTTP:PHP:GLOBALS-INJ
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-3390 GLOBALS Overwrite PHP Variable bid:15250
Release Date
04/21/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Red_hat
Suse
Gentoo
Trustix
Openpkg
Hp
Turbolinux
Avaya
E107
Sgi
Ubuntu
Mandriva
Php
CVSS Score
7.5