Vulnerability Description
Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted HTTP POST fileupload requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitflux | Upload Progress Meter | 8215 |
Related Weaknesses (CWE)
References
- http://blog.php-security.org/archives/58-Suhosin-caught-another-remote-code-exec (Vendor Advisory)
- http://www.securityfocus.com/bid/21417 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/4841 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30715
- https://ssl.bitflux.ch/horde/chora/diff.php/misc/uploadprogress/uploadprogress.c (Patch)
FAQ
What is CVE-2006-6361?
CVE-2006-6361 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash)...
How severe is CVE-2006-6361?
CVE-2006-6361 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6361?
Check the references section above for vendor advisories and patch information. Affected products include: Bitflux Upload Progress Meter.