National Vulnerability Database

National Vulnerability Database

National Vulnerability

CVE-2002-0081 Detail


Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Source:  MITRE      Last Modified:  03/08/2002

Quick Info

CVE Dictionary Entry:
Original release date:
Last revised:


CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
Exploitability Subscore:
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Not required to exploit
Impact Type:
Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to

Hyperlink Resource Type Source Name External Source CONECTIVA CLA-2002:468 External Source BUGTRAQ 20020227 Advisory 012002: PHP remote vulnerabilities External Source BUGTRAQ 20020228 TSLSA-2002-0033 - mod_php External Source BUGTRAQ 20020304 Apache+php Proof of Concept Exploit External Source NTBUGTRAQ 20020227 PHP remote vulnerabilities External Source VULN-DEV 20020225 Re: Rumours about Apache 1.3.22 exploits External Source HP HPSBTL0203-028 Vendor Advisory External Source MISC US Government Resource External Source CERT CA-2002-05 External Source DEBIAN DSA-115 External Source XF php-file-upload-overflow(8281) US Government Resource External Source CERT-VN VU#297363 External Source MANDRAKE MDKSA-2002:017 External Source ENGARDE ESA-20020301-006 External Source SUSE SuSE-SA:2002:007 Patch External Source CONFIRM External Source REDHAT RHSA-2002:035 External Source REDHAT RHSA-2002:040 External Source BID 4183

Technical Details

Vulnerability Type (View All)

Change History 2 change records found - show changes