CVE-2001-1246 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2001-1246?

CVE-2001-1246 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2001-1246?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.

Vulnerability Description

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	>= 4.0.5, <= 4.1.0

Related Weaknesses (CWE)

CWE-88

References

http://online.securityfocus.com/archive/1/194425Broken LinkThird Party AdvisoryVDB Entry
http://www.iss.net/security_center/static/6787.phpBroken LinkPatchVendor Advisory
http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gzBroken Link
http://www.redhat.com/support/errata/RHSA-2002-102.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2002-129.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2003-159.htmlBroken Link
http://www.securityfocus.com/bid/2954Broken LinkThird Party AdvisoryVDB Entry
http://online.securityfocus.com/archive/1/194425Broken LinkThird Party AdvisoryVDB Entry
http://www.iss.net/security_center/static/6787.phpBroken LinkPatchVendor Advisory
http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gzBroken Link
http://www.redhat.com/support/errata/RHSA-2002-102.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2002-129.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2003-159.htmlBroken Link
http://www.securityfocus.com/bid/2954Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2001-1246?

CVE-2001-1246 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell ...

How severe is CVE-2001-1246?

CVE-2001-1246 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2001-1246?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.