Vulnerability Description
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 4.3.0 |
References
- http://marc.info/?l=bugtraq&m=104550977011668&w=2
- http://marc.info/?l=bugtraq&m=104567042700840&w=2
- http://marc.info/?l=bugtraq&m=104567137502557&w=2
- http://www.iss.net/security_center/static/11343.phpVendor Advisory
- http://www.securityfocus.com/bid/6875
- http://www.slackware.com/changelog/current.php?cpu=i386
- http://marc.info/?l=bugtraq&m=104550977011668&w=2
- http://marc.info/?l=bugtraq&m=104567042700840&w=2
- http://marc.info/?l=bugtraq&m=104567137502557&w=2
- http://www.iss.net/security_center/static/11343.phpVendor Advisory
- http://www.securityfocus.com/bid/6875
- http://www.slackware.com/changelog/current.php?cpu=i386
FAQ
What is CVE-2003-0097?
CVE-2003-0097 is a vulnerability with a CVSS score of 7.5 (HIGH). Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_red...
How severe is CVE-2003-0097?
CVE-2003-0097 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0097?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.