Lucene search
Ubuntu.comUB:CVE-2006-6383HistoryDec 10, 2006 - 12:00 a.m.
CVE-2006-6383
2006-12-1000:00:00
ubuntu.com
ubuntu.com
9
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.9%
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir
restrictions via a malicious path and a null byte before a “;” in a
session_save_path argument, followed by an allowed path, which causes a
parsing inconsistency in which PHP validates the allowed path but sets
session.save_path to the malicious path.
Related
securityvulns
securityvulns
PHP 5.2.0 session.save_path safe_mode and open_basedir bypass
2006-12-09 00:00:00
PHP safe_mode and open_basedir protection bypass
2006-12-09 00:00:00
cve
cve
CVE-2006-6383
2006-12-10 20:28:00
CVE-2007-0905
2007-02-13 23:28:00
nessus
nessus
Mandrake Linux Security Advisory : php (MDKSA-2007:038)
2007-02-18 00:00:00
openSUSE 10 Security Update : php5 (php5-2687)
2007-10-17 00:00:00
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 2684)
2007-12-13 00:00:00
openvas
openvas
Mandriva Update for php MDKSA-2007:038 (php)
2009-04-09 00:00:00
Mandriva Update for php MDKSA-2007:038 (php)
2009-04-09 00:00:00
SLES9: Security update for PHP4
2009-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2007-0905
2007-02-13 00:00:00
prion
prion
Design/Logic Flaw
2007-02-13 23:28:00
suse
suse
remote code execution in php4,php5
2007-03-15 12:12:23
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.9%
Related for UB:CVE-2006-6383