Published: 09/03/2019 Updated: 03/06/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in PHP prior to 7.1.27, 7.2.x prior to 7.2.16, and 7.3.x prior to 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
canonical ubuntu linux 12.04
opensuse leap 42.3
netapp storage automation store -

Synopsis Moderate: php:72 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the php:72 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

Synopsis Moderate: rh-php71-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php71-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Synopsis Critical: rh-php72-php security update Type/Severity Security Advisory: Critical Topic An update for rh-php72-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) ba ...

Several security issues were fixed in PHP ...

An issue was discovered in PHP before 7127, 72x before 7216, and 73x before 733 Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data(CVE-2019-9637) An issue was discove ...

Impact: Moderate Public Date: 2019-02-18 CWE: CWE-266 Bugzilla: 1688897: CVE-2019-9637 php: rename func ...

CWE-264 https://bugs.php.net/bug.php?id=77630 https://www.debian.org/security/2019/dsa-4403 https://usn.ubuntu.com/3922-1/https://support.f5.com/csp/article/K53825211 https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html https://usn.ubuntu.com/3922-2/https://usn.ubuntu.com/3922-3/http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html https://security.netapp.com/advisory/ntap-20190502-0007/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://www.tenable.com/security/tns-2019-07 https://access.redhat.com/errata/RHSA-2020:1624 https://nvd.nist.gov https://usn.ubuntu.com/3922-1/

CVE-2019-9637

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect