CVE-2011-3379

Public on 2011-10-11
Modified on 2014-09-14
Description
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 php 2011-10-11 ALAS-2011-7 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P