Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2004-1064

Date: December 8, 2004

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Severity Score

Related Resources (15)

https://exchange.xforce.ibmcloud.com/vulnerabilities/18512
https://www.ubuntu.com/usn/usn-99-2/
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
https://people.canonical.com/~ubuntu-security/cve/CVE-2004-1064
http://www.php.net/release_4_3_10.php
http://www.securityfocus.com/archive/1/384545
http://www.securityfocus.com/advisories/9028
http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
https://nvd.nist.gov/vuln/detail/CVE-2004-1064
http://www.hardened-php.net/advisories/012004.txt
http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml
http://www.securityfocus.com/bid/11964
https://www.ubuntu.com/usn/usn-99-1/
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915
https://www.mend.io/vulnerability-database/CVE-2004-1064

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us