Lucene search

[email protected]CVE-2001-1247

HistoryDec 06, 2001 - 5:00 a.m.

CVE-2001-1247

2001-12-0605:00:00

CWE-264

[email protected]

web.nvd.nist.gov

php 4.0.4pl1

php 4.0.5

safe mode

remote attack

file access

web server

error_log function

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.8%

JSON

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

CPENameOperatorVersion
php:phpphpeq4.0.5
php:phpphpeq4.0.4pl1

CPE	Name	Operator	Version
php:php	php	eq	4.0.5
php:php	php	eq	4.0.4pl1

References

online.securityfocus.com/archive/1/194425

www.osvdb.org/5440

www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

www.redhat.com/support/errata/RHSA-2002-035.html

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.8%

JSON