Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2004-0594
HistoryJul 27, 2004 - 4:00 a.m.

CVE-2004-0594

2004-07-2704:00:00
CWE-367
[email protected]
web.nvd.nist.gov

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.613 Medium

EPSS

Percentile

97.8%

JSON

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Affected configurations

NVD
Node
openpkgopenpkgMatch2.0
OR
openpkgopenpkgMatch2.1
OR
avayaconverged_communications_serverMatch2.0
OR
debiandebian_linuxMatch3.0
OR
hphp-uxMatchb.11.00
OR
hphp-uxMatchb.11.11
OR
hphp-uxMatchb.11.22
OR
hphp-uxMatchb.11.23
OR
trustixsecure_linuxMatch1.5
OR
trustixsecure_linuxMatch2.0
OR
trustixsecure_linuxMatch2.1
Node
phpphpRange4.04.3.7
OR
phpphpMatch5.0.0beta1
OR
phpphpMatch5.0.0beta2
OR
phpphpMatch5.0.0beta3
OR
phpphpMatch5.0.0beta4
OR
phpphpMatch5.0.0rc1
OR
phpphpMatch5.0.0rc2

References

Related

nessus 13
openvas 14
canvas 1
cve 1
freebsd 1
cvelist 1
osv 2
debian 3
securityvulns 2
redhat 2
slackware 1
gentoo 1
suse 1
nessus
nessus
FreeBSD : php -- memory_limit related vulnerability (dd7aa4f1-102f-11d9-8a8a-000c41e2cdad)
2005-07-13 00:00:00
Fedora Core 2 : php-4.3.8-2.1 (2004-223)
2004-07-24 00:00:00
GLSA-200407-13 : PHP: Multiple security vulnerabilities
2004-08-30 00:00:00
openvas
openvas
php -- memory_limit related vulnerability
2008-09-04 00:00:00
php -- memory_limit related vulnerability
2008-09-04 00:00:00
Slackware: Security Advisory (SSA:2004-202-01)
2012-09-10 00:00:00
canvas
canvas
Immunity Canvas: PHP_LIMIT
2004-07-27 04:00:00
cve
cve
CVE-2004-0594
2004-07-27 04:00:00
freebsd
freebsd
php -- memory_limit related vulnerability
2004-07-07 00:00:00
cvelist
cvelist
CVE-2004-0594
2004-07-16 04:00:00
osv
osv
php4 - several vulnerabilities
2004-07-20 00:00:00
php3 - several
2005-02-07 00:00:00
debian
debian
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
securityvulns
securityvulns
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
2004-07-14 00:00:00
US-CERT Technical Cyber Security Alert TA05-136A -- Apple Mac OS X is affected by multiple vulnerabilities
2005-05-17 00:00:00
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.613 Medium

EPSS

Percentile

97.8%

JSON
Related for NVD:CVE-2004-0594
nessus13openvas14canvas1cve1freebsd1cvelist1osv2debian3securityvulns2redhat2slackware1gentoo1suse1