Vulnerability CVE-2004-0263


Published: 2004-11-23   Modified: 2012-02-12

Description:
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Vendor: Apache
Product: Http server 
Version:
2.0.9
2.0.48
2.0.47
2.0.46
2.0.45
2.0.44
2.0.43
2.0.42
2.0.41
2.0.40
2.0.39
2.0.38
2.0.37
2.0.36
2.0.35
2.0.32
2.0.28
2.0
1.3.9
1.3.7
1.3.6
1.3.4
1.3.3
1.3.29
1.3.28
1.3.27
1.3.26
1.3.25
1.3.24
1.3.23
1.3.22
1.3.20
1.3.19
1.3.18
1.3.17
1.3.14
1.3.12
1.3.11
1.3.1
1.3
1.2.5
1.2
1.1.1
1.1
1.0.5
1.0.3
1.0.2
1.0
Vendor: IBM
Product: Http server 
Version: 1.3.19;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://xforce.iss.net/xforce/xfdb/15072
http://www.securityfocus.com/bid/9599
http://security.gentoo.org/glsa/glsa-200402-01.xml
http://www.osvdb.org/3878

Related CVE
CVE-2017-1609
IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2018-1541
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...
CVE-2018-1533
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...
CVE-2018-1706
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus...
CVE-2018-1604
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...
CVE-2018-1704
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remot...
CVE-2018-1702
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive...
CVE-2018-1820
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

Copyright 2018, cxsecurity.com

 

Back to Top