[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3017Date: (C)2006-06-14   (M)2023-12-22


zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1016306
SECTRACK-1016649
BID-17843
SECUNIA-19927
20060701-01-U
http://www.securityfocus.com/archive/1/archive/1/442437/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/447866/100/0/threaded
SECUNIA-21031
SECUNIA-21050
SECUNIA-21125
SECUNIA-21135
SECUNIA-21202
SECUNIA-21252
SECUNIA-21723
SECUNIA-22225
SECUNIA-22713
OSVDB-25255
OSVDB-26466
DSA-1206
MDKSA-2006:122
RHSA-2006:0549
RHSA-2006:0567
RHSA-2006:0568
SUSE-SA:2006:031
SUSE-SA:2006:034
TLSA-2006-38
USN-320-1
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.php.net/release_5_1_3.php
https://issues.rpath.com/browse/RPL-683
php-zendhashdel-unspecified(27396)

CPE    72
cpe:/a:php:php:3.0
cpe:/a:php:php:5.0.0:rc3
cpe:/a:php:php:5.0.0:rc2
cpe:/a:php:php:5.0.0:rc1
...

© SecPod Technologies