PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
References
Link | Resource |
---|---|
http://bugs.php.net/bug.php?id=41492 | Vendor Advisory |
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html | Mailing List Third Party Advisory |
http://osvdb.org/36084 | Broken Link |
http://secunia.com/advisories/25456 | Vendor Advisory |
http://secunia.com/advisories/26048 | Vendor Advisory |
http://secunia.com/advisories/26231 | Vendor Advisory |
http://secunia.com/advisories/27102 | Vendor Advisory |
http://secunia.com/advisories/27110 | Vendor Advisory |
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml | Third Party Advisory |
http://www.php.net/releases/5_2_3.php | Vendor Advisory |
http://www.securityfocus.com/bid/24259 | Third Party Advisory VDB Entry |
http://www.trustix.org/errata/2007/0023/ | Broken Link |
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html | Third Party Advisory |
Configurations
History
29 Aug 2022, 20:07
Type | Values Removed | Values Added |
---|---|---|
References | (TRUSTIX) http://www.trustix.org/errata/2007/0023/ - Broken Link | |
References | (CONFIRM) http://www.php.net/releases/5_2_3.php - Vendor Advisory | |
References | (CONFIRM) http://bugs.php.net/bug.php?id=41492 - Vendor Advisory | |
References | (OSVDB) http://osvdb.org/36084 - Broken Link | |
References | (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/24259 - Third Party Advisory, VDB Entry | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html - Third Party Advisory | |
CPE | cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:* |
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
Information
Published : 2007-06-04 17:30
Updated : 2023-12-10 10:40
NVD link : CVE-2007-3007
Mitre link : CVE-2007-3007
CVE.ORG link : CVE-2007-3007
JSON object : View
Products Affected
php
- php
CWE
CWE-264
Permissions, Privileges, and Access Controls