Oval Definition:oval:org.mitre.oval:def:6056
Revision Date:2015-04-20Version:25
Title:HP-UX Running Apache, Remote Execution of Arbitrary Code
Description:The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2007-3378
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02308
  • platforms
  • HP-UX B.11.23
  • OR HP-UX B.11.31
  • OR HP-UX B.11.11
  • AND hpuxwsAPACHE version is less than B.2.0.59.00.2
  • OR Criteria meets HP Security Bulletin HPSBUX02308
  • HP-UX B.11.11
  • AND hpuxwsAPACHE version is less than A.2.0.59.00.2
    • BACK