Lucene search

PRIOn knowledge basePRION:CVE-2011-0754

HistoryFeb 02, 2011 - 10:00 p.m.

Cross site scripting

2011-02-0222:00:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.9%

JSON

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

CPENameOperatorVersion
phple5.3.3
phpeq1.0
phpeq2.0
phpeq2.0.0-b10
phpeq3.0
phpeq3.0.1
phpeq3.0.2
phpeq3.0.3
phpeq3.0.4
phpeq3.0.5

Name	Operator	Version
php	le	5.3.3
php	eq	1.0
php	eq	2.0
php	eq	2.0.0-b10
php	eq	3.0
php	eq	3.0.1
php	eq	3.0.2
php	eq	3.0.3
php	eq	3.0.4
php	eq	3.0.5

Rows per page:

1-10 of 691

References

bugs.php.net/51763

www.php.net/ChangeLog-5.php

exchange.xforce.ibmcloud.com/vulnerabilities/65429

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334

6.7 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for PRION:CVE-2011-0754