CVE-2011-3379

Public on 2011-10-11
Modified on 2014-09-14
Description

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Severity
Medium
See what this means
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 php 2011-10-11 ALAS-2011-7

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P