Lucene search
PRIOn knowledge basePRION:CVE-2007-1835HistoryApr 03, 2007 - 12:19 a.m.
Design/Logic Flaw
2007-04-0300:19:00
PRIOn knowledge base
www.prio-n.com
4
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
References
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
secunia.com/advisories/25423
secunia.com/advisories/25850
www.php-security.org/MOPB/MOPB-36-2007.html
www.securityfocus.com/bid/23183
www.vupen.com/english/advisories/2007/1991
www.vupen.com/english/advisories/2007/2374
exchange.xforce.ibmcloud.com/vulnerabilities/33550
Related
ubuntucve
ubuntucve
CVE-2007-1835
2007-04-03 00:00:00
cvelist
cvelist
CVE-2007-1835
2007-04-03 00:00:00
redhatcve
redhatcve
CVE-2007-1835
2015-10-30 09:26:30
cve
cve
CVE-2007-1835
2007-04-03 00:19:00
securityvulns
securityvulns
PHP session.save_path open_basedir protection bypass
2007-03-31 00:00:00
nvd
nvd
CVE-2007-1835
2007-04-03 00:19:00
openvas
openvas
PHP < 4.4.5 Multiple Vulnerabilities
2012-06-21 00:00:00
PHP < 4.4.5 Multiple Vulnerabilities
2020-08-17 00:00:00
PHP < 5.2.1 Multiple Vulnerabilities
2012-06-21 00:00:00
nessus
nessus
PHP < 4.4.5 Multiple Vulnerabilities
2007-04-02 00:00:00
PHP < 5.2.1 Multiple Vulnerabilities
2007-04-02 00:00:00