Published: 31/12/2004 Updated: 11/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

PHP 4.0 with cURL functions allows remote malicious users to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.0
php php 4.0.1
php php 4.0.5
php php 4.0.6
php php 4.0.2
php php 4.0.3
php php 4.0.7
php php 4.0.4

Synopsis PHP security update Type/Severity Security Advisory: Moderate Topic Updated PHP packages that fix various security issues are now availableThis update has been rated as having moderate security impact by the RedHat Security Response Team Description PHP is an HTML-embedded script ...

source: wwwsecurityfocuscom/bid/11557/info It is reported that cURL allows malicious users to bypass 'open_basedir' restrictions in PHP scripts This issue is due to a failure of the cURL module to properly enforce PHPs 'open_basedir' restriction Users with the ability to create or modify PHP scripts on a server computer hosting the vul ...

NVD-CWE-Other https://bugzilla.fedora.us/show_bug.cgi?id=2344 http://www.redhat.com/support/errata/RHSA-2005-405.html http://www.securityfocus.com/bid/11557 http://securitytracker.com/id?1011984 http://www.redhat.com/support/errata/RHSA-2005-406.html http://marc.info/?l=bugtraq&m=109898213806099&w=2 http://marc.info/?l=bugtraq&m=110625060220934&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9279 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2005:406 https://www.exploit-db.com/exploits/24711/

CVE-2004-1392

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect