fkie_cve-2004-0263
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F3141B-2C30-4230-A425-465E235539EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D2C9EA-1241-4DE6-A6CD-FCD7EEC9B42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EA86B9-4F86-4ADA-BC6A-4F6E261848F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6523AC-ECC9-4A79-9387-18308FCF9A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDCBCF0F-63FB-4A03-92F8-FF121083CD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4363C07C-179B-4797-947F-7440AD1F2D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB1AA4A-DF05-445A-858F-39A9CC2892A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB26F3B0-04F8-43C1-9136-B85932F1C2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*",
              "matchCriteriaId": "34FD94C9-2352-4147-9BF2-A3CF841A159B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67BD173-8517-4E97-BC65-D9657C63601A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "B392A96F-FD2F-4073-8EED-EB31E1F20FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "E130104B-86F5-411E-8AC0-9B4B780BCA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E62E621-74DA-4D99-A79C-AD2B85896A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C577188-BD56-4571-A61A-1684DC9E9DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3A4CD9-1E96-4D3B-938D-F2D15855B0DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "163A6EF6-7D3F-4B1F-9E03-A8C86562CC3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "154566FB-0D1A-4DC2-AFE6-49DE93850951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB477AFB-EA39-4892-B772-586CF6D2D235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*",
              "matchCriteriaId": "5C4962BB-0E61-4788-B582-21F05CD33AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35906CD-038E-4243-8A95-F0A3A43F06F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "B940BB85-03F5-46D7-8DC9-2E1E228D3D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "82139FFA-2779-4732-AFA5-4E6E19775899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7F717E6-BACD-4C8A-A9C5-516ADA6FEE6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "08AB120B-2FEC-4EB3-9777-135D81E809AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C7FF669-12E0-4A73-BBA7-250D109148C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB7B1F1-7202-445D-9F96-135DC0AFB1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB7EE53-187E-40A9-9865-0F3EDA2B5A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D06AE8A-9BA8-4AA8-ACEA-326CD001E879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC1A04B-0466-48AD-89F3-1F2EF1DEBE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F34D08-430E-4331-A27D-667149425176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "248BDF2C-3E78-49D1-BD9C-60C09A441724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0FDE3D-1509-4375-8703-0D174D70B22E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFE732B5-00C9-4443-97E0-1DF21475C26B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79C41D3-6894-4F2D-B8F8-82AB4780A824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:http_server:1.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C3A030-EF04-4C82-BFD5-CF6459099B15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information."
    },
    {
      "lang": "es",
      "value": "PHP 4.3.4 y anteriores en Apache 1.x y 2.x (mod_php) pude filtrar variables globales entre servidores virtuales con diferente configuraci\u00f3n que son manejadas por el mismo proceso hijo de Apache, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2004-0263",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-11-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200402-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3878"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9599"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200402-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15072"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…