| Vulnerability Name: | CVE-2007-3378 (CCN-35102) | ||||||||
| Assigned: | 2007-06-27 | ||||||||
| Published: | 2007-06-27 | ||||||||
| Updated: | 2020-09-18 | ||||||||
| Summary: | The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-3378 Source: CCN Type: Apple Web site About Security Update 2008-002 Source: CONFIRM Type: Third Party Advisory http://docs.info.apple.com/article.html?artnum=307562 Source: CCN Type: HP Security Bulletin HPSBUX02332 SSRT080056 rev.1 HP-UX running Apache with PHP, Remote Denial of Service (DoS), Gain Extended Privileges Source: HP Type: Broken Link SSRT080010 Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2008-03-18 Source: FULLDISC Type: UNKNOWN 20200918 Apache + PHP <= 7.4.10 open_basedir bypass Source: CCN Type: SA26642 PHP Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 26642 Source: SECUNIA Type: Third Party Advisory 26822 Source: SECUNIA Type: Third Party Advisory 26838 Source: SECUNIA Type: Third Party Advisory 27102 Source: SECUNIA Type: Third Party Advisory 27377 Source: CCN Type: SA27648 PHP Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 27648 Source: CCN Type: SA28318 PHP Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 28318 Source: SECUNIA Type: Third Party Advisory 28750 Source: SECUNIA Type: Third Party Advisory 28936 Source: CCN Type: SA29420 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 29420 Source: SECUNIA Type: Third Party Advisory 30040 Source: MISC Type: Third Party Advisory http://securityreason.com/achievement_exploitalert/9 Source: CCN Type: SecurityReason Advisory, SecurityAlert : 45 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Source: SREASONRES Type: Exploit, Third Party Advisory 20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Source: CCN Type: SecurityReason Advisory, SecurityAlert : 47 PHP 5.2.4 mail.force_extra_parameters unsecure Source: SREASON Type: Exploit, Third Party Advisory 2831 Source: SREASON Type: Exploit, Third Party Advisory 3389 Source: SLACKWARE Type: Mailing List, Third Party Advisory SSA:2008-045-03 Source: CCN Type: ASA-2008-053 HP-UX Running Apache Remote Execution of Arbitrary Code (HPSBUX02308) Source: CCN Type: ASA-2008-198 HP-UX running Apache with PHP Remote Denial of Service (DoS) Gain Extended Privileges (HPSBUX02332) Source: CCN Type: GLSA-200710-02 PHP: Multiple vulnerabilities Source: GENTOO Type: Third Party Advisory GLSA-200710-02 Source: MLIST Type: UNKNOWN [oss-security] 20200917 Apache + PHP <= 7.4.10 open_basedir bypass Source: OSVDB Type: Broken Link 38682 Source: CCN Type: OSVDB ID: 36869 PHP Multiple Function .htaccess php_value Directive Arbitrary Command Execution Source: CCN Type: OSVDB ID: 38682 PHP .htaccess mail.force_extra_parameters Directive Modification Source: CCN Type: PHP Web site PHP: Hypertext Preprocessor Source: CONFIRM Type: Patch, Vendor Advisory http://www.php.net/ChangeLog-4.php Source: CONFIRM Type: Patch, Vendor Advisory http://www.php.net/ChangeLog-5.php#5.2.4 Source: CONFIRM Type: Patch, Vendor Advisory http://www.php.net/ChangeLog-5.php#5.2.5 Source: CONFIRM Type: Patch, Vendor Advisory http://www.php.net/releases/4_4_8.php Source: CONFIRM Type: Patch, Vendor Advisory http://www.php.net/releases/5_2_4.php Source: CONFIRM Type: Patch, Vendor Advisory http://www.php.net/releases/5_2_5.php Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20070627 PHP 4/5 htaccess safemode and open_basedir Bypass Source: HP Type: Third Party Advisory, VDB Entry SSRT080056 Source: BID Type: Patch, Third Party Advisory, VDB Entry 24661 Source: CCN Type: BID-24661 PHP .Htaccess Safe_Mode and Open_Basedir Restriction-Bypass Vulnerability Source: BID Type: Patch, Third Party Advisory, VDB Entry 25498 Source: CCN Type: BID-25498 PHP 5.2.3 and Prior Versions Multiple Vulnerabilities Source: TRUSTIX Type: Broken Link 2007-0026 Source: VUPEN Type: Permissions Required, Third Party Advisory ADV-2007-3023 Source: VUPEN Type: Permissions Required, Third Party Advisory ADV-2008-0059 Source: VUPEN Type: Permissions Required, Third Party Advisory ADV-2008-0398 Source: VUPEN Type: Permissions Required, Third Party Advisory ADV-2008-0924 Source: XF Type: Third Party Advisory, VDB Entry php-htaccess-security-bypass(35102) Source: XF Type: UNKNOWN php-htaccess-security-bypass(35102) Source: XF Type: Third Party Advisory, VDB Entry php-sessionsavepath-errorlog-security-bypass(39403) Source: CONFIRM Type: Broken Link https://issues.rpath.com/browse/RPL-1693 Source: CONFIRM Type: Broken Link https://issues.rpath.com/browse/RPL-1702 Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:6056 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||