NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2005-3054

Summary	fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
Publication Date	Sept. 27, 2005, 4:03 a.m.
Registration Date	Jan. 29, 2021, 5:59 p.m.
Last Update	Oct. 4, 2018, 6:31 a.m.

CVSS2.0 : LOW
Score	2.1
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:php:php:4.4.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585	CONFIRM	Patch Vendor Advisory
2	http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html	TRUSTIX
3	http://secunia.com/advisories/17229	SECUNIA
4	http://secunia.com/advisories/17371	SECUNIA
5	http://secunia.com/advisories/17510	SECUNIA
6	http://secunia.com/advisories/17557	SECUNIA
7	http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml	GENTOO
8	http://www.mandriva.com/security/advisories?name=MDKSA-2005:213	MANDRIVA
9	http://www.php.net/release_4_4_1.php	CONFIRM
10	http://www.securityfocus.com/bid/14957	BID
11	http://www.vupen.com/english/advisories/2005/1862	VUPEN
12	http://www.vupen.com/english/advisories/2005/2254	VUPEN
13	https://usn.ubuntu.com/207-1/	UBUNTU

Common Vulnerabilities List