CVE-2005-2498 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2005-2498?

CVE-2005-2498 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-2498?

Check the references section above for vendor advisories and patch information. Affected products include: Gggeek Phpxmlrpc, Debian Debian Linux.

Vulnerability Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Gggeek	Phpxmlrpc	<= 1.1.1
Debian	Debian Linux	3.1

Related Weaknesses (CWE)

CWE-94

References

http://marc.info/?l=bugtraq&m=112412415822890&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=112431497300344&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2Third Party Advisory
http://secunia.com/advisories/16431Broken Link
http://secunia.com/advisories/16432Broken Link
http://secunia.com/advisories/16441Broken Link
http://secunia.com/advisories/16460Broken Link
http://secunia.com/advisories/16465Broken Link
http://secunia.com/advisories/16468Broken Link
http://secunia.com/advisories/16469Broken Link
http://secunia.com/advisories/16491Broken Link
http://secunia.com/advisories/16550Broken Link
http://secunia.com/advisories/16558Broken Link
http://secunia.com/advisories/16563Broken Link
http://secunia.com/advisories/16619Broken Link

FAQ

What is CVE-2005-2498?

CVE-2005-2498 is a vulnerability with a CVSS score of 7.5 (HIGH). Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote ...

How severe is CVE-2005-2498?

CVE-2005-2498 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-2498?

Check the references section above for vendor advisories and patch information. Affected products include: Gggeek Phpxmlrpc, Debian Debian Linux.