5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator
class accepts filenames with embedded \0
byte and treats them as terminating at that byte.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php73-php | eq | 7.3.11__1.el7 |
lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/
access.redhat.com/errata/RHSA-2020:5275
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=78863
lists.debian.org/debian-lts-announce/2019/12/msg00034.html
lists.fedoraproject.org/archives/list/[email protected]/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
lists.fedoraproject.org/archives/list/[email protected]/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
seclists.org/bugtraq/2020/Feb/27
seclists.org/bugtraq/2020/Feb/31
seclists.org/bugtraq/2021/Jan/3
security.netapp.com/advisory/ntap-20200103-0002/
usn.ubuntu.com/4239-1/
www.debian.org/security/2020/dsa-4626
www.debian.org/security/2020/dsa-4628
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N