CVE-2004-1064

2005-01-1000:00:00

ubuntu.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.9%

JSON

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the
file path before passing the data to the realpath function, which could
allow attackers to bypass safe mode. NOTE: this issue was originally
REJECTed by its CNA before publication, but that decision is in active
dispute. This candidate may change significantly in the future as a result
of further discussion.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp4< 4.4.2-1build1UNKNOWN
ubuntu6.10noarchphp4< 4.4.2-1build1UNKNOWN
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.9UNKNOWN
ubuntu6.10noarchphp5< 5.1.6-1ubuntu2.6UNKNOWN
ubuntu7.04noarchphp5< 5.2.1-0ubuntu1.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	php4	< 4.4.2-1build1	UNKNOWN
ubuntu	6.10	noarch	php4	< 4.4.2-1build1	UNKNOWN
ubuntu	6.06	noarch	php5	< 5.1.2-1ubuntu3.9	UNKNOWN
ubuntu	6.10	noarch	php5	< 5.1.6-1ubuntu2.6	UNKNOWN
ubuntu	7.04	noarch	php5	< 5.2.1-0ubuntu1.4	UNKNOWN