Lucene search

[email protected]CVE-2004-1019

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1019

2005-01-1005:00:00

CWE-20

[email protected]

web.nvd.nist.gov

php

deserialization

remote attack

denial of service

arbitrary code

vulnerability

nvd

cve-2004-1019

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger “information disclosure, double-free and negative reference index array underflow” results.

Affected configurations

NVD

Node

openpkgopenpkgMatch2.1

openpkgopenpkgMatch2.2

openpkgopenpkgMatchcurrent

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.3patch1

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2dev

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch5.0rc1

phpphpMatch5.0rc2

phpphpMatch5.0rc3

phpphpMatch5.0.0

phpphpMatch5.0.1

phpphpMatch5.0.2

Node

trustixsecure_linuxMatch2.0

trustixsecure_linuxMatch2.1

trustixsecure_linuxMatch2.2

ubuntuubuntu_linuxMatch4.1ia64

ubuntuubuntu_linuxMatch4.1ppc

CPENameOperatorVersion
openpkg:openpkgopenpkgeq2.1
openpkg:openpkgopenpkgeq2.2
openpkg:openpkgopenpkgeqcurrent
php:phpphpeq3.0
php:phpphpeq3.0.1
php:phpphpeq3.0.2
php:phpphpeq3.0.3
php:phpphpeq3.0.4
php:phpphpeq3.0.5
php:phpphpeq3.0.6

CPE	Name	Operator	Version
openpkg:openpkg	openpkg	eq	2.1
openpkg:openpkg	openpkg	eq	2.2
openpkg:openpkg	openpkg	eq	current
php:php	php	eq	3.0
php:php	php	eq	3.0.1
php:php	php	eq	3.0.2
php:php	php	eq	3.0.3
php:php	php	eq	3.0.4
php:php	php	eq	3.0.5
php:php	php	eq	3.0.6