{"vuid":"VU#297363","idnumber":"297363","name":"PHP contains vulnerability in \"php_mime_split\" function allowing arbitrary code execution","keywords":["PHP","php_mime_split","arbitrary code execution","POST method","multipart/form-data","file upload"],"overview":"Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server.","clean_desc":"PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium, Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the php_mime_split function may allow an intruder to execute arbitrary code with the privileges of the web server. For additional details, see http://security.e-matters.de/advisories/012002.html Web servers that do not have PHP installed are not affected by this vulnerability.","impact":"Intruders can execute arbitrary code with the privileges of the web server, or interrupt normal operations of the web server.","resolution":"Upgrade to PHP version 4.1.2, available from http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz. If upgrading is not possible, apply patches as described at http://www.php.net/downloads.php: For PHP 4.10/4.11\nhttp://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz For PHP 4.06\nhttp://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.0.6.gz For PHP 3.0\nhttp://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz If you are using version 4.20-dev, you are not affected by this vulnerability. Quoting from http://security.e-matters.de/advisories/012002.htm, \"users running PHP 4.2.0-dev from cvs are not vulnerable to any of the described bugs because the fileupload code was completely rewritten for the 4.2.0 branch.\"","workarounds":"If upgrading is not possible or a patch cannot be applied, you can avoid these vulnerabilities by setting file_uploads = Off in the php.ini file for version 4.0.3 and above. This will prevent you from using fileuploads, which may not be acceptable for your operation.","sysaffected":"","thanks":"Our thanks to Stefan Esser, upon whose advisory this document is based.","author":"This document was written by Shawn V. Hernan.","public":["http://security.e-matters.de/advisories/012002.html","http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz","http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.0.6.gz","http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz"],"cveids":["CVE-2002-0081"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-02-27T15:59:40Z","publicdate":"2002-02-27T00:00:00Z","datefirstpublished":"2002-02-27T18:13:39Z","dateupdated":"2002-02-27T18:13:57Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"17","cam_impact":"18","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"55.08","cam_scorecurrentwidelyknown":"63.68625","cam_scorecurrentwidelyknownexploited":"98.11125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":55.08,"vulnote":null}