Lucene search

MitreCVE-2008-7068

HistoryAug 25, 2009 - 10:30 a.m.

CVE-2008-7068

2009-08-2510:30:00

CWE-20

mitre

web.nvd.nist.gov

cve-2008-7068

php

dba_replace

denial of service

file truncation

vulnerability

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.009

Percentile

83.1%

JSON

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Affected configurations

Nvd

Node

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0rc1

phpphpMatch4.0rc2

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.3patch1

phpphpMatch4.0.4

phpphpMatch4.0.4patch1

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.0.7rc4

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2dev

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5.2.6

VendorProductVersionCPE
phpphp4.0cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
phpphp4.0cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
phpphp4.0cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
phpphp4.0cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
phpphp4.0cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
phpphp4.0cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
phpphp4.0cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*
phpphp4.0cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*
phpphp4.0.0cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
phpphp4.0.1cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	4.0	cpe:2.3:a:php:php:4.0:::::::*
php	php	4.0	cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
php	php	4.0	cpe:2.3:a:php:php:4.0:beta1::::::
php	php	4.0	cpe:2.3:a:php:php:4.0:beta2::::::
php	php	4.0	cpe:2.3:a:php:php:4.0:beta3::::::
php	php	4.0	cpe:2.3:a:php:php:4.0:beta4::::::
php	php	4.0	cpe:2.3:a:php:php:4.0:rc1::::::
php	php	4.0	cpe:2.3:a:php:php:4.0:rc2::::::
php	php	4.0.0	cpe:2.3:a:php:php:4.0.0:::::::*
php	php	4.0.1	cpe:2.3:a:php:php:4.0.1:::::::*