Published: 20/11/2007 Updated: 15/10/2018

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

PHP prior to 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php

Debian Bug report logs - #453295 CVE-2007-6039: possible DoS Package: php5-common; Maintainer for php5-common is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5-common is src:php5 (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Wed, 28 Nov 2007 12 ...

It was discovered that PHP did not properly enforce php_admin_value and php_admin_flag restrictions in the Apache configuration file A local attacker could create a specially crafted PHP script that would bypass intended security restrictions This issue only applied to Ubuntu 606 LTS, 710, and 804 LTS (CVE-2007-5900) ...

CWE-264 http://bugs.php.net/bug.php?id=41561 http://www.php.net/ChangeLog-5.php#5.2.5 http://www.php.net/releases/5_2_5.php http://securitytracker.com/id?1018934 http://secunia.com/advisories/27648 https://issues.rpath.com/browse/RPL-1943 http://secunia.com/advisories/27659 http://secunia.com/advisories/30040 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242 http://www.securityfocus.com/archive/1/491693/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453295 https://usn.ubuntu.com/720-1/https://nvd.nist.gov

CVE-2007-5900

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect