Lucene search

K
nvd[email protected]NVD:CVE-2014-3981
HistoryJun 08, 2014 - 6:55 p.m.

CVE-2014-3981

2014-06-0818:55:06
CWE-59
web.nvd.nist.gov
6

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.2%

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.

Affected configurations

Nvd
Node
phpphpRange<5.3.29
OR
phpphpRange5.4.05.4.30
OR
phpphpRange5.5.05.5.14
VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.2%