CVE-2007-4663

2007-09-05 00:17:00 2017-07-29 03:33:05

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

PHP 5.2.3

Php - Php

Advisory	Patch	Confirmed	Link
			https://issues.rpath.com/browse/RPL-1702
			https://issues.rpath.com/browse/RPL-1693
			php-glob-security-bypass(36386)
			ADV-2007-3023
			http://www.php.net/releases/5_2_4.php
			http://www.php.net/ChangeLog-5.php#5.2.4
			GLSA-200710-02

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)