Lucene search

[email protected]CVE-2007-3378

HistoryJun 29, 2007 - 6:30 p.m.

CVE-2007-3378

2007-06-2918:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-3378

php

remote attackers

safe_mode bypass

open_basedir bypass

arbitrary commands

.htaccess

nvd

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.0%

JSON

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and © directives in .htaccess.

CPENameOperatorVersion
php:phpphple4.4.7
php:phpphple5.2.3

CPE	Name	Operator	Version
php:php	php	le	4.4.7
php:php	php	le	5.2.3

References

docs.info.apple.com/article.html?artnum=307562

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

seclists.org/fulldisclosure/2020/Sep/34

secunia.com/advisories/26642

secunia.com/advisories/26822

secunia.com/advisories/26838

secunia.com/advisories/27102

secunia.com/advisories/27377

secunia.com/advisories/27648

secunia.com/advisories/28318

secunia.com/advisories/28750

secunia.com/advisories/28936

secunia.com/advisories/29420

secunia.com/advisories/30040

securityreason.com/achievement_exploitalert/9

securityreason.com/achievement_securityalert/45

securityreason.com/securityalert/2831

securityreason.com/securityalert/3389

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136

www.gentoo.org/security/en/glsa/glsa-200710-02.xml

www.openwall.com/lists/oss-security/2020/09/17/3

www.osvdb.org/38682

www.php.net/ChangeLog-4.php

www.php.net/ChangeLog-5.php#5.2.4

www.php.net/ChangeLog-5.php#5.2.5

www.php.net/releases/4_4_8.php

www.php.net/releases/5_2_4.php

www.php.net/releases/5_2_5.php

www.securityfocus.com/archive/1/472343/100/0/threaded

www.securityfocus.com/archive/1/491693/100/0/threaded

www.securityfocus.com/bid/24661

www.securityfocus.com/bid/25498

www.trustix.org/errata/2007/0026/

www.vupen.com/english/advisories/2007/3023

www.vupen.com/english/advisories/2008/0059

www.vupen.com/english/advisories/2008/0398

www.vupen.com/english/advisories/2008/0924/references

exchange.xforce.ibmcloud.com/vulnerabilities/35102

exchange.xforce.ibmcloud.com/vulnerabilities/39403

issues.rpath.com/browse/RPL-1693

issues.rpath.com/browse/RPL-1702

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2007-3378

prion1 securityvulns3 redhatcve1 seebug1 ubuntucve1 openvas14 nessus6 freebsd1 gentoo1