CVE Reference: CVE-2007-3007

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3007

Description: PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.

CVE Status: Candidate

References:
TRUSTIX http://www.trustix.org/errata/2007/0023/
SUSE http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
SAID Secunia Advisory: SA25456
SAID Secunia Advisory: SA26048
SAID Secunia Advisory: SA26231
SAID Secunia Advisory: SA27110
SAID Secunia Advisory: SA27102
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
FEDORA
CONFIRM http://www.php.net/releases/5_2_3.php
CONFIRM http://bugs.php.net/bug.php?id=41492
BID 24259