Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-3189 | First vendor Publication | 2011-08-25 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3189 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-06 (php) File : nvt/glsa_201110_06.nasl |
| 2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
| 2011-09-07 | Name : PHP 'crypt()' Function Security Bypass Vulnerability File : nvt/gb_php_crypt_func_sec_bypass_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 74726 | PHP crypt() Function MD5 Salt Hash Value Return Weakness |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO |
| 2011-08-24 | Name : The remote web server uses a version of PHP that is affected by a security by... File : php_5_3_8.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:04:21 |
|
| 2024-11-28 12:26:54 |
|
| 2024-08-02 12:17:27 |
|
| 2024-08-02 01:05:07 |
|
| 2024-02-02 01:16:57 |
|
| 2024-02-01 12:04:59 |
|
| 2023-09-05 12:15:54 |
|
| 2023-09-05 01:04:52 |
|
| 2023-09-02 12:15:59 |
|
| 2023-09-02 01:04:57 |
|
| 2023-08-12 12:19:19 |
|
| 2023-08-12 01:04:58 |
|
| 2023-08-11 12:16:05 |
|
| 2023-08-11 01:05:07 |
|
| 2023-08-06 12:15:27 |
|
| 2023-08-06 01:04:58 |
|
| 2023-08-04 12:15:31 |
|
| 2023-08-04 01:04:58 |
|
| 2023-07-14 12:15:31 |
|
| 2023-07-14 01:04:56 |
|
| 2023-03-29 01:17:24 |
|
| 2023-03-28 12:05:03 |
|
| 2022-10-11 12:13:50 |
|
| 2022-10-11 01:04:41 |
|
| 2021-05-04 12:15:15 |
|
| 2021-04-22 01:16:48 |
|
| 2020-05-23 00:30:57 |
|
| 2019-06-08 12:04:13 |
|
| 2017-08-29 09:23:30 |
|
| 2016-06-28 18:48:07 |
|
| 2016-04-26 21:01:53 |
|
| 2014-02-17 11:04:44 |
|
| 2013-05-10 23:06:15 |
|
