suse · CVE-2008-0599

Quick triage

Priority: critical Published: 2021-05-30 12:41:39 UTC Updated: 2026-04-18 20:29:09 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2008-0599 severity critical: SUSE including 653 source package names (apache2-mod_php5, apache2-mod_php5-5.2.14-0.7.24.1, …), 937 product×package rows across 28 product lines (SLES for SAP Applications 11 SP2, SLES for SAP Applications 11 SP3, … (28 product lines)): Known Not Affected 556, Fixed 381.

Description:

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

cvelogic Threat Intelligence