Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2004-1064

Published: 10/01/2005 Updated: 08/12/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Php

Vulnerability Summary

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow malicious users to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

canonical ubuntu linux 4.10

Vendor Advisories

Ubuntu Security Notice: php4 vulnerabilities
Stefano Di Paola discovered integer overflows in PHP’s pack() and unpack() functions A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter (CAN-2004-1018) ...
Ubuntu Security Notice: php4 vulnerabilities
USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath() function (CAN-2004-1064) However, this caused severe regressions, some applications like SquirrelMail and Gallery did not work any more, and the package ...

References

NVD-CWE-noinfohttp://www.securityfocus.com/archive/1/384545http://www.hardened-php.net/advisories/012004.txthttp://www.php.net/release_4_3_10.phphttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915http://www.gentoo.org/security/en/glsa/glsa-200412-14.xmlhttp://www.securityfocus.com/bid/11964http://www.securityfocus.com/advisories/9028http://www.mandriva.com/security/advisories?name=MDKSA-2004:151http://www.mandriva.com/security/advisories?name=MDKSA-2005:072https://www.ubuntu.com/usn/usn-99-1/https://www.ubuntu.com/usn/usn-99-2/https://exchange.xforce.ibmcloud.com/vulnerabilities/18512https://nvd.nist.govhttps://usn.ubuntu.com/99-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook