View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2008-0599 severity critical: SUSE including 653 source package names (apache2-mod_php5, apache2-mod_php5-5.2.14-0.7.24.1, …), 937 product×package rows across 28 product lines (SLES for SAP Applications 11 SP2, SLES for SAP Applications 11 SP3, … (28 product lines)): Known Not Affected 556, Fixed 381.
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.