Lucene search

[email protected]CVE-2007-1461

HistoryMar 14, 2007 - 6:19 p.m.

CVE-2007-1461

2007-03-1418:19:00

CWE-264

[email protected]

web.nvd.nist.gov

php

vulnerability

remote attackers

file access

security

nvd

cve-2007-1461

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7.4 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.

Affected configurations

NVD

Node

phpphpMatch5.0.0

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

Node

phpphpRange≤4.4.6

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

CPENameOperatorVersion
php:phpphpeq5.0.0
php:phpphpeq5.0.1
php:phpphpeq5.0.2
php:phpphpeq5.0.3
php:phpphpeq5.0.4
php:phpphpeq5.0.5
php:phpphpeq5.1.0
php:phpphpeq5.1.1
php:phpphpeq5.1.2
php:phpphpeq5.1.3

CPE	Name	Operator	Version
php:php	php	eq	5.0.0
php:php	php	eq	5.0.1
php:php	php	eq	5.0.2
php:php	php	eq	5.0.3
php:php	php	eq	5.0.4
php:php	php	eq	5.0.5
php:php	php	eq	5.1.0
php:php	php	eq	5.1.1
php:php	php	eq	5.1.2
php:php	php	eq	5.1.3