Lucene search

K

RedhatCVELIST:CVE-2015-4598

HistoryMay 16, 2016 - 10:00 a.m.

CVE-2015-4598

2016-05-1610:00:00

redhat

www.cve.org

7.6 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.7%

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.

References

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1186.html

rhn.redhat.com/errata/RHSA-2015-1187.html

rhn.redhat.com/errata/RHSA-2015-1218.html

rhn.redhat.com/errata/RHSA-2015-1219.html

www.debian.org/security/2015/dsa-3344

www.openwall.com/lists/oss-security/2015/06/16/12

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/75244

www.securitytracker.com/id/1032709

bugs.php.net/bug.php?id=69719

7.6 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.7%

Related for CVELIST:CVE-2015-4598

f52 nessus26 ubuntucve1 prion1 nvd1 cve1 openvas22 mageia1 securityvulns3 debian3 osv2 redhat5 oraclelinux4 suse5 ibm5 veracode7 ubuntu1 centos2 cloudlinux1 rosalinux1