CVE-2005-3389

Impact:
Low
Public Date:
2005-10-31
Bugzilla:
1617822: CVE-2005-3389 security flaw

The MITRE CVE dictionary describes this issue as:

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

Find out more about CVE-2005-3389 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Stronghold 4 for Red Hat Enterprise Linux RHSA-2006:0549 2006-07-27
Red Hat Enterprise Linux 3 (php) RHSA-2005:831 2005-11-10
Red Hat Enterprise Linux 4 (php) RHSA-2005:831 2005-11-10
Red Hat Stronghold 4 RHSA-2005:882 2005-12-19
Red Hat Enterprise Linux 2.1 RHSA-2005:838 2005-11-10

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.