CVE-2004-1064

Current Description

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Basic Data

Published: January 10, 2005
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

Vulnerable Software List

This CVE contains no version information.

References

Name | Source | URL | Tags
CLA-2005:915 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915 |
GLSA-200412-14 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml |
http://www.hardened-php.net/advisories/012004.txt | MISC | http://www.hardened-php.net/advisories/012004.txt |
MDKSA-2004:151 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 |
MDKSA-2005:072 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 |
http://www.php.net/release_4_3_10.php | CONFIRM | http://www.php.net/release_4_3_10.php |
HPSBMA01212 | HP | http://www.securityfocus.com/advisories/9028 |
20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 | BUGTRAQ | http://www.securityfocus.com/archive/1/384545 |
11964 | BID | http://www.securityfocus.com/bid/11964 |
php-realpath-safemode-bypass(18512) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/18512 |
USN-99-1 | UBUNTU | https://www.ubuntu.com/usn/usn-99-1/ |
USN-99-2 | UBUNTU | https://www.ubuntu.com/usn/usn-99-2/ |