Lucene search

K

[email protected]NVD:CVE-2006-4481

HistoryAug 31, 2006 - 9:04 p.m.

CVE-2006-4481

2006-08-3121:04:00

[email protected]

web.nvd.nist.gov

6

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0.13

Percentile

95.5%

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.

Affected configurations

Nvd

Node

phpphpMatch5.1.0

OR

phpphpMatch5.1.1

OR

phpphpMatch5.1.2

OR

phpphpMatch5.1.4

References

secunia.com/advisories/21546

secunia.com/advisories/21768

secunia.com/advisories/21842

secunia.com/advisories/22039

www.mandriva.com/security/advisories?name=MDKSA-2006:162

www.novell.com/linux/security/advisories/2006_52_php.html

www.php.net/release_5_1_5.php

www.securityfocus.com/bid/19582

www.ubuntu.com/usn/usn-342-1

www.vupen.com/english/advisories/2006/3318

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0.13

Percentile

95.5%

Related for NVD:CVE-2006-4481

ubuntucve3 cve3 redhatcve2 cvelist3 securityvulns2 nvd2 seebug1 prion1 openvas7 nessus9 ubuntu2 freebsd1 suse1