CVE-2008-1734

2008-04-1815:05:00

CWE-20

mitre

web.nvd.nist.gov

cve-2008-1734

php toolkit

gentoo linux

interpretation conflict

denial of service

php outage

apache http server

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

AI Score

6.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Affected configurations

Nvd

Node

gentoolinux

AND

gentoophp_toolkitRange≤1.0rc1

gentoophp_toolkitMatch1.0

gentoophp_toolkitMatch1.0rc2

VendorProductVersionCPE
gentoolinux*cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
gentoophp_toolkit*cpe:2.3:a:gentoo:php_toolkit:*:rc1:*:*:*:*:*:*
gentoophp_toolkit1.0cpe:2.3:a:gentoo:php_toolkit:1.0:*:*:*:*:*:*:*
gentoophp_toolkit1.0cpe:2.3:a:gentoo:php_toolkit:1.0:rc2:*:*:*:*:*:*

Vendor	Product	Version	CPE
gentoo	linux	*	cpe:2.3:o:gentoo:linux::::::::
gentoo	php_toolkit	*	cpe:2.3:a:gentoo:php_toolkit::rc1::::::*
gentoo	php_toolkit	1.0	cpe:2.3:a:gentoo:php_toolkit:1.0:::::::*
gentoo	php_toolkit	1.0	cpe:2.3:a:gentoo:php_toolkit:1.0:rc2::::::