Think you have a false positive on this rule?

Sid 1-45676

Message

SERVER-WEBAPP PHP phpmimesplit multipart file upload buffer overflow attempt

Summary

This event is generated when an attacker attempts to exploit a buffer overflow vulnerability present in phpmimesplit.

Impact

Attempted User Privilege Gain

CVE-2002-0081:

CVSS base score 7.5

CVSS impact score 6.4

CVSS exploitability score 10.0

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Detailed information

Rule checks for an attempt to exploit improper boundary checks in php's phpmimesplit function. CVE-2002-0081: Buffer overflows in (1) phpmimesplit in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3mimesplit in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Affected systems

  • php php 3.0
  • php php 4.0.6
  • php php 4.1.0
  • php php 4.1.1

Ease of attack

CVE-2002-0081:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

Not known

False negatives

Not known

Corrective action

Upgrade PHP to the latest and most-updated version.

Contributors

  • Cisco's Talos Intelligence Group

Additional References