| ID |
CVE-2007-0448
|
| Summary |
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 10.0 (as of 11-09-2008 - 00:49) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 22261 | | sreason | 2175 | | sreasonres | 20070125 PHP 5.2.0 safe_mode bypass (by Writing Mode) |
|
| statements
via4
|
| contributor | Vincent Danen | | lastmodified | 2007-09-21 | | organization | Mandriva | | statement | Due to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group’s stance on these features, Mandriva does not consider this a security issue. |
| contributor | Mark J Cox | | lastmodified | 2007-05-29 | | organization | Red Hat | | statement | We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
and http://www.php.net/security-note.php
|
|
| Last major update |
11-09-2008 - 00:49 |
| Published |
24-05-2007 - 18:30 |
| Last modified |
11-09-2008 - 00:49 |
