Lucene search
Ubuntu.comUB:CVE-2006-4483HistoryAug 31, 2006 - 12:00 a.m.
CVE-2006-4483
2006-08-3100:00:00
ubuntu.com
ubuntu.com
10
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
89.4%
The cURL extension files (1) ext/curl/interface.c and (2)
ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION
option when open_basedir or safe_mode is enabled, which allows attackers to
perform unauthorized actions, possibly related to the realpath cache.
Notes
| Author | Note |
|---|---|
| kees | safe-mode bypass is not supported |
Related
cve
cve
CVE-2006-4483
2006-08-31 21:04:00
nessus
nessus
SUSE-SA:2006:052: php4,php5
2007-02-18 00:00:00
PHP 5.1.x < 5.1.5 Multiple Vulnerabilities
2011-11-18 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2006-08-18 00:00:00
openvas
openvas
FreeBSD Ports: php4, php5
2008-09-04 00:00:00
PHP Version 5.1.x < 5.1.5 Multiple Vulnerabilities
2012-06-21 00:00:00
suse
suse
remote code execution in php4,php5
2006-09-21 10:05:51
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
89.4%
Related for UB:CVE-2006-4483