CVE-2006-4483
6.5 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
89.4%
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
References
cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7
cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?view=log
cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4
secunia.com/advisories/21546
secunia.com/advisories/22039
secunia.com/advisories/30411
securitytracker.com/id?1016984
wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
www.novell.com/linux/security/advisories/2006_52_php.html
www.php.net/ChangeLog-5.php#5.1.5
www.php.net/release_5_1_5.php
www.securityfocus.com/archive/1/492671/100/0/threaded
www.securityfocus.com/bid/19582
www.vupen.com/english/advisories/2006/3318
Social References
More
Related
6.5 Medium
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
89.4%