Vulnerability CVE-2000-0860 - CERT Civis.Net

Vulnerability Name:

CVE-2000-0860 (CCN-5190)

Assigned:

2000-09-04

Published:

2000-09-04

Updated:

2017-10-10

Summary:

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

CVSS v3 Severity:

4.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.5 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

File Manipulation

References:

Source: BUGTRAQ
Type: Vendor Advisory
20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload

Source: BUGTRAQ
Type: UNKNOWN
20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload

Source: CCN
Type: BugTraq Mailing List, Mon Sep 04 2000 - 17:35:03 CDT
Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2000:048

Source: MITRE
Type: CNA
CVE-2000-0860

Source: CCN
Type: PHP CVS Repository
RCS file: /repository/php4/main/rfc1867.c,v

Source: CONFIRM
Type: UNKNOWN
http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u

Source: CCN
Type: OSVDB ID: 412
PHP File Upload Capability Hidden Form Field Modification Arbitrary File Access

Source: CCN
Type: PHP Manual
Chapter 19. Handling file uploads

Source: CCN
Type: Secure Reality Pty Ltd. Security Advisory #01 (SRADV00001)
Arbitrary file disclosure through PHP file upload

Source: BID
Type: Exploit, Vendor Advisory
1649

Source: CCN
Type: BID-1649
PHP Upload Arbitrary File Disclosure Vulnerability

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2000:048
mod_php3

Source: XF
Type: UNKNOWN
php-file-upload(5190)

Source: XF
Type: UNKNOWN
php-file-upload(5190)

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:*:*:*:*:*:*:*:*

Denotes that component is vulnerable