CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P
AI Score
Confidence: High
EPSS
Percentile: 5.1%
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
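The quoting difference this description turns on, as an added shell example. It is not PHP Toolkit's code: the function names, the use of `grep`, and the `php5` sample string are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of unquoted vs. quoted [a-z]; not PHP Toolkit's code.
# Function names and the sample string "php5" are constructed for this example.

# Fragile form: [a-z] is unquoted, so the shell first tries it as a glob.
# With no matching file it stays literal; with a file named "a" in the
# working directory it is replaced by "a" before grep ever sees it.
has_lowercase_unquoted() {
    printf '%s\n' "$1" | grep -q [a-z]
}

# Hardened form: quoting keeps [a-z] a literal regular expression,
# whatever files exist in the working directory.
has_lowercase_quoted() {
    printf '%s\n' "$1" | grep -q '[a-z]'
}

# Run both forms in a scratch directory, before and after a one-letter
# lowercase file name exists there.
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        report() {
            if "$1" php5; then echo "$2: match"; else echo "$2: NO match"; fi
        }
        report has_lowercase_unquoted "empty dir, unquoted"
        : > a    # one-letter lowercase file name, as in the description
        report has_lowercase_unquoted "file a,    unquoted"
        report has_lowercase_quoted   "file a,    quoted  "
    )
    rm -rf "$dir"
}

demo
```

The middle line of the output flips to "NO match" because the pattern has become the literal `a`; a static check such as ShellCheck flags unquoted bracket expressions of this kind.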
Vendor | Product | Version | CPE |
---|---|---|---|
gentoo | linux | * | cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:* |
gentoo | php_toolkit | * | cpe:2.3:a:gentoo:php_toolkit:*:rc1:*:*:*:*:*:* |
gentoo | php_toolkit | 1.0 | cpe:2.3:a:gentoo:php_toolkit:1.0:*:*:*:*:*:*:* |
gentoo | php_toolkit | 1.0 | cpe:2.3:a:gentoo:php_toolkit:1.0:rc2:*:*:*:*:*:* |