4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.1%
PHP project reports:
Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent
Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial
multibyte sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob()
functions. Reported by Laurent Gaffie.
Fixed “mail.force_extra_parameters” php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported
by SecurityReason.
Fixed bug #42869 (automatic session id insertion adds sessions
id to non-local forms).
Fixed bug #41561 (Values set with php_admin_* in httpd.conf can
be overwritten with ini_set()).