CVE-2007-3378 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2007-3378

CVE-2007-3378

June 29, 2007

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

Related Resources (44)

http://www.osvdb.org/38682

http://seclists.org/fulldisclosure/2020/Sep/34

http://www.securityfocus.com/archive/1/472343/100/0/threaded

http://www.php.net/releases/4_4_8.php

https://exchange.xforce.ibmcloud.com/vulnerabilities/35102

http://secunia.com/advisories/27102

http://www.php.net/ChangeLog-5.php#5.2.5

http://www.vupen.com/english/advisories/2008/0398

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056

http://secunia.com/advisories/28750

http://www.php.net/ChangeLog-4.php

http://secunia.com/advisories/26838

http://www.securityfocus.com/archive/1/491693/100/0/threaded

http://secunia.com/advisories/26642

http://securityreason.com/achievement_securityalert/45

http://www.vupen.com/english/advisories/2008/0059

http://docs.info.apple.com/article.html?artnum=307562

http://secunia.com/advisories/30040

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136

http://securityreason.com/securityalert/2831

https://exchange.xforce.ibmcloud.com/vulnerabilities/39403

http://securityreason.com/achievement_exploitalert/9

http://www.trustix.org/errata/2007/0026/

http://secunia.com/advisories/27377

https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3378

http://securityreason.com/securityalert/3389

https://issues.rpath.com/browse/RPL-1693

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://www.php.net/releases/5_2_4.php

https://issues.rpath.com/browse/RPL-1702

http://www.php.net/ChangeLog-5.php#5.2.4

http://www.securityfocus.com/bid/24661

http://secunia.com/advisories/27648

http://secunia.com/advisories/28936

http://secunia.com/advisories/26822

http://secunia.com/advisories/29420

http://www.securityfocus.com/bid/25498

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

http://www.php.net/releases/5_2_5.php

http://www.vupen.com/english/advisories/2008/0924/references

http://secunia.com/advisories/28318

http://www.vupen.com/english/advisories/2007/3023

http://www.openwall.com/lists/oss-security/2020/09/17/3

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

6.8

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

EPSS

Base Score:

3.06