JVN/CVE Demo: Cveinfos

CVE

Id: 14596
CVE No.: CVE-2005-3390
Status: Candidate
Description: The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Phase: Assigned (20051101)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
111170	14596	CVE-2005-3390	BUGTRAQ:20051031 Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability	View
111171	14596	CVE-2005-3390	URL:http://www.securityfocus.com/archive/1/archive/1/415290/30/0/threaded	View
111172	14596	CVE-2005-3390	MISC:http://www.hardened-php.net/advisory_202005.79.html	View
111173	14596	CVE-2005-3390	MISC:http://www.hardened-php.net/globals-problem	View
111174	14596	CVE-2005-3390	CONFIRM:http://www.php.net/release_4_4_1.php	View
111175	14596	CVE-2005-3390	CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm	View
111176	14596	CVE-2005-3390	FEDORA:FLSA:166943	View
111177	14596	CVE-2005-3390	URL:http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html	View
111178	14596	CVE-2005-3390	GENTOO:GLSA-200511-08	View
111179	14596	CVE-2005-3390	URL:http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml	View
111180	14596	CVE-2005-3390	HP:HPSBMA02159	View
111181	14596	CVE-2005-3390	URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522	View
111182	14596	CVE-2005-3390	HP:SSRT061238	View
111183	14596	CVE-2005-3390	URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522	View
111184	14596	CVE-2005-3390	MANDRIVA:MDKSA-2005:213	View
111185	14596	CVE-2005-3390	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:213	View
111186	14596	CVE-2005-3390	OPENPKG:OpenPKG-SA-2005.027	View
111187	14596	CVE-2005-3390	URL:http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html	View
111188	14596	CVE-2005-3390	REDHAT:RHSA-2005:831	View
111189	14596	CVE-2005-3390	URL:http://www.redhat.com/support/errata/RHSA-2005-831.html	View
111190	14596	CVE-2005-3390	REDHAT:RHSA-2005:838	View
111191	14596	CVE-2005-3390	URL:http://www.redhat.com/support/errata/RHSA-2005-838.html	View
111192	14596	CVE-2005-3390	REDHAT:RHSA-2006:0549	View
111193	14596	CVE-2005-3390	URL:http://rhn.redhat.com/errata/RHSA-2006-0549.html	View
111194	14596	CVE-2005-3390	SUSE:SUSE-SA:2005:069	View
111195	14596	CVE-2005-3390	URL:http://www.securityfocus.com/archive/1/archive/1/419504/100/0/threaded	View
111196	14596	CVE-2005-3390	SUSE:SUSE-SR:2005:026	View
111197	14596	CVE-2005-3390	SUSE:SUSE-SR:2005:027	View
111198	14596	CVE-2005-3390	URL:http://www.novell.com/linux/security/advisories/2005_27_sr.html	View
111199	14596	CVE-2005-3390	UBUNTU:USN-232-1	View
111200	14596	CVE-2005-3390	URL:https://www.ubuntu.com/usn/usn-232-1/	View
111201	14596	CVE-2005-3390	BID:15250	View
111202	14596	CVE-2005-3390	URL:http://www.securityfocus.com/bid/15250	View
111203	14596	CVE-2005-3390	OVAL:oval:org.mitre.oval:def:10537	View
111204	14596	CVE-2005-3390	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10537	View
111205	14596	CVE-2005-3390	VUPEN:ADV-2005-2254	View
111206	14596	CVE-2005-3390	URL:http://www.vupen.com/english/advisories/2005/2254	View
111207	14596	CVE-2005-3390	VUPEN:ADV-2006-4320	View
111208	14596	CVE-2005-3390	URL:http://www.vupen.com/english/advisories/2006/4320	View
111209	14596	CVE-2005-3390	SECTRACK:1015129	View
111210	14596	CVE-2005-3390	URL:http://securitytracker.com/id?1015129	View
111211	14596	CVE-2005-3390	SECUNIA:17371	View
111212	14596	CVE-2005-3390	URL:http://secunia.com/advisories/17371	View
111213	14596	CVE-2005-3390	SECUNIA:18054	View
111214	14596	CVE-2005-3390	URL:http://secunia.com/advisories/18054	View
111215	14596	CVE-2005-3390	SECUNIA:18198	View
111216	14596	CVE-2005-3390	URL:http://secunia.com/advisories/18198	View
111217	14596	CVE-2005-3390	SECUNIA:17559	View
111218	14596	CVE-2005-3390	URL:http://secunia.com/advisories/17559	View
111219	14596	CVE-2005-3390	SECUNIA:17490	View
111220	14596	CVE-2005-3390	URL:http://secunia.com/advisories/17490	View
111221	14596	CVE-2005-3390	SECUNIA:17510	View
111222	14596	CVE-2005-3390	URL:http://secunia.com/advisories/17510	View
111223	14596	CVE-2005-3390	SECUNIA:17531	View
111224	14596	CVE-2005-3390	URL:http://secunia.com/advisories/17531	View
111225	14596	CVE-2005-3390	SECUNIA:17557	View
111226	14596	CVE-2005-3390	URL:http://secunia.com/advisories/17557	View
111227	14596	CVE-2005-3390	SECUNIA:18669	View
111228	14596	CVE-2005-3390	URL:http://secunia.com/advisories/18669	View
111229	14596	CVE-2005-3390	SECUNIA:21252	View
111230	14596	CVE-2005-3390	URL:http://secunia.com/advisories/21252	View
111231	14596	CVE-2005-3390	SECUNIA:22691	View
111232	14596	CVE-2005-3390	URL:http://secunia.com/advisories/22691	View
111233	14596	CVE-2005-3390	SREASON:132	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
62458	JVNDB-2005-000660	PHP の virtual() 関数における safe_mode および open_basedir による保護を回避される脆弱性	------------	CVE-2005-3392	14596	7.5		http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000660.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.35 MB
View render complete	2.86 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.49
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	389.93
Event: Controller.beforeRender	4.45
» Processing toolbar data	4.37
Rendering View	19.49
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	18.54
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.51
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.08
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/14596
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/14596
Remote Port	52155
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.212
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.71.62
Http Via	1.1 squid-proxy-5b5d847c96-qtpzz (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.212
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.212
Unique Id	aR9yn5f0U4bDvtah6offlAAAAXM
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.212
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.212
Redirect Unique Id	aR9yn5f0U4bDvtah6offlAAAAXM
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.212
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.212
Redirect Redirect Unique Id	aR9yn5f0U4bDvtah6offlAAAAXM
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1763668639.4664
Request Time	1763668639

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files