| ID |
CVE-2003-0863
|
| Summary |
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
-
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 30-10-2018 - 16:25) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bugtraq | 20030716 PHP safe mode broken? |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2008-06-30 | | organization | Red Hat | | statement | Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. The PHP packages in Red Hat Enterprise Linux 3 contain a backported patch to address this issue since release.
The issue was fixed upstream in PHP 4.3.3. The PHP packages in Red Hat Enterprise Linux 4 and 5 are based on fixed upstream versions.
|
|
| Last major update |
30-10-2018 - 16:25 |
| Published |
17-11-2003 - 05:00 |
| Last modified |
30-10-2018 - 16:25 |
