|
|
CVE Reference: CVE-2008-2666 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-2666 |
|
|
Description: Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/43198 ST 1020328 SREASONRES http://securityreason.com/achievement_securityalert/55 SREASON http://securityreason.com/securityalert/3942 SAID Secunia Advisory: SA35650 Secunia Advisory: SA35074 HP http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://marc.info/?l=bugtraq&m=124654546101607&w=2 CONFIRM http://support.apple.com/kb/HT3549 http://wiki.rpath.com/Advisories:rPSA-2009-0035 CERT http://www.us-cert.gov/cas/techalerts/TA09-133A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded BID 29796 APPLE http://lists.apple.com/archives/security-announce/2009/May/msg00002.html |
|
| Return to the previous page. |
