oval:org.mitre.oval:def:5510

Definition Id: oval:org.mitre.oval:def:5510

Oval ID:	oval:org.mitre.oval:def:5510
Title:	HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code
Description:	The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0599	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02342 HP Release B.11.11 AND filesets tests hpuxwsAPACHE.PHP version is less than B.2.0.59.04.2 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.04.2 OR Criteria meets HP Security Bulletin HPSBUX02342 platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests hpuxwsAPCH32.PHP version is less than B.2.0.59.04.2 AND hpuxwsAPCH32.PHP2 version is less than B.2.0.59.04.2 AND hpuxwsAPACHE.PHP version is less than B.2.0.59.04.2 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.04.2