CVE-2008-1734

2008-04-1815:05:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

AI Score

6.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Affected configurations

Nvd

Node

gentoolinux

AND

gentoophp_toolkitRange≤1.0rc1

gentoophp_toolkitMatch1.0

gentoophp_toolkitMatch1.0rc2

VendorProductVersionCPE
gentoolinux*cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
gentoophp_toolkit*cpe:2.3:a:gentoo:php_toolkit:*:rc1:*:*:*:*:*:*
gentoophp_toolkit1.0cpe:2.3:a:gentoo:php_toolkit:1.0:*:*:*:*:*:*:*
gentoophp_toolkit1.0cpe:2.3:a:gentoo:php_toolkit:1.0:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
gentoo	linux	*	cpe:2.3:o:gentoo:linux::::::::
gentoo	php_toolkit	*	cpe:2.3:a:gentoo:php_toolkit::rc1::::::*
gentoo	php_toolkit	1.0	cpe:2.3:a:gentoo:php_toolkit:1.0:::::::*
gentoo	php_toolkit	1.0	cpe:2.3:a:gentoo:php_toolkit:1.0:rc2::::::