CVE-2007-3378

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 17 years ago: 2007-06-29 18:30:00

Last updated 5 years ago: 2019-10-09 22:53:00

Affected Software

PHP PHP

References

http://docs.info.apple.com/article.html?artnum=307562 [Third Party Advisory]
SSRT080010 [Broken Link]
APPLE-SA-2008-03-18 [Mailing List, Third Party Advisory]
26642 [Third Party Advisory]
26822 [Third Party Advisory]
26838 [Third Party Advisory]
27102 [Third Party Advisory]
27377 [Third Party Advisory]
27648 [Third Party Advisory]
28318 [Third Party Advisory]
28750 [Third Party Advisory]
28936 [Third Party Advisory]
29420 [Third Party Advisory]
30040 [Third Party Advisory]
http://securityreason.com/achievement_exploitalert/9 [Third Party Advisory]
20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass [Exploit, Third Party Advisory]
2831 [Exploit, Third Party Advisory]
3389 [Exploit, Third Party Advisory]
SSA:2008-045-03 [Mailing List, Third Party Advisory]
GLSA-200710-02 [Third Party Advisory]
38682 [Broken Link]
http://www.php.net/ChangeLog-4.php [Patch, Vendor Advisory]
http://www.php.net/ChangeLog-5.php#5.2.4 [Patch, Vendor Advisory]
http://www.php.net/ChangeLog-5.php#5.2.5 [Patch, Vendor Advisory]
http://www.php.net/releases/4_4_8.php [Patch, Vendor Advisory]
http://www.php.net/releases/5_2_4.php [Patch, Vendor Advisory]
http://www.php.net/releases/5_2_5.php [Patch, Vendor Advisory]
20070627 PHP 4/5 htaccess safemode and open_basedir Bypass [Third Party Advisory, VDB Entry]
SSRT080056 [Third Party Advisory, VDB Entry]
24661 [Patch, Third Party Advisory, VDB Entry]
25498 [Patch, Third Party Advisory, VDB Entry]
2007-0026 [Broken Link]
ADV-2007-3023 [Permissions Required, Third Party Advisory]
ADV-2008-0059 [Permissions Required, Third Party Advisory]
ADV-2008-0398 [Permissions Required, Third Party Advisory]
ADV-2008-0924 [Permissions Required, Third Party Advisory]
php-htaccess-security-bypass(35102) [Third Party Advisory, VDB Entry]
php-sessionsavepath-errorlog-security-bypass(39403) [Third Party Advisory, VDB Entry]
https://issues.rpath.com/browse/RPL-1693 [Broken Link]
https://issues.rpath.com/browse/RPL-1702 [Broken Link]
oval:org.mitre.oval:def:6056 [Third Party Advisory]
