Lucene search
Ubuntu.comUB:CVE-2010-1130HistoryMar 26, 2010 - 12:00 a.m.
CVE-2010-1130
2010-03-2600:00:00
ubuntu.com
ubuntu.com
11
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.032 Low
EPSS
Percentile
91.1%
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does
not properly interpret ; (semicolon) characters in the argument to the
session_save_path function, which allows context-dependent attackers to
bypass open_basedir and safe_mode restrictions via an argument that
contains multiple ; characters in conjunction with a … (dot dot).
Notes
| Author | Note |
|---|---|
| mdeslaur | actually fixed in 5.3.2 open_basedir and safe_mode issue dapper doesn’t try and strip ; chars, so not vulnerable |
Related
prion
prion
Design/Logic Flaw
2010-03-26 20:30:00
cve
cve
CVE-2010-1130
2010-03-26 20:30:00
nessus
nessus
PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities
2010-02-26 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2010:058)
2010-03-11 00:00:00
openvas
openvas
Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)
2010-02-15 00:00:00
Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)
2010-02-15 00:00:00
Ubuntu Update for php5 vulnerabilities USN-989-1
2010-09-22 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2010-09-20 00:00:00
securityvulns
securityvulns
[USN-989-1] PHP vulnerabilities
2010-09-27 00:00:00
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
2011-10-12 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.032 Low
EPSS
Percentile
91.1%
Related for UB:CVE-2010-1130