Lucene search

[email protected]NVD:CVE-2011-1144

HistoryMar 03, 2011 - 1:00 a.m.

CVE-2011-1144

2011-03-0301:00:01

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.1

Confidence

Low

EPSS

Percentile

15.7%

JSON

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

Affected configurations

Nvd

Node

phppearRange≤1.9.2

phppearMatch0.2.2

phppearMatch0.9

phppearMatch0.10

phppearMatch0.11

phppearMatch0.90

phppearMatch1.0

phppearMatch1.0.1

phppearMatch1.1

phppearMatch1.2

phppearMatch1.2.1

phppearMatch1.3

phppearMatch1.3.1

phppearMatch1.3.3

phppearMatch1.3.3.1

phppearMatch1.3.4

phppearMatch1.3.5

phppearMatch1.3.6

phppearMatch1.4.0

phppearMatch1.4.0rc1

phppearMatch1.4.0rc2

phppearMatch1.4.1

phppearMatch1.4.2

phppearMatch1.5.0

phppearMatch1.5.1

phppearMatch1.6.1

phppearMatch1.9.1

VendorProductVersionCPE
phppear*cpe:2.3:a:php:pear:*:*:*:*:*:*:*:*
phppear0.2.2cpe:2.3:a:php:pear:0.2.2:*:*:*:*:*:*:*
phppear0.9cpe:2.3:a:php:pear:0.9:*:*:*:*:*:*:*
phppear0.10cpe:2.3:a:php:pear:0.10:*:*:*:*:*:*:*
phppear0.11cpe:2.3:a:php:pear:0.11:*:*:*:*:*:*:*
phppear0.90cpe:2.3:a:php:pear:0.90:*:*:*:*:*:*:*
phppear1.0cpe:2.3:a:php:pear:1.0:*:*:*:*:*:*:*
phppear1.0.1cpe:2.3:a:php:pear:1.0.1:*:*:*:*:*:*:*
phppear1.1cpe:2.3:a:php:pear:1.1:*:*:*:*:*:*:*
phppear1.2cpe:2.3:a:php:pear:1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	pear	*	cpe:2.3:a:php:pear::::::::
php	pear	0.2.2	cpe:2.3:a:php:pear:0.2.2:::::::*
php	pear	0.9	cpe:2.3:a:php:pear:0.9:::::::*
php	pear	0.10	cpe:2.3:a:php:pear:0.10:::::::*
php	pear	0.11	cpe:2.3:a:php:pear:0.11:::::::*
php	pear	0.90	cpe:2.3:a:php:pear:0.90:::::::*
php	pear	1.0	cpe:2.3:a:php:pear:1.0:::::::*
php	pear	1.0.1	cpe:2.3:a:php:pear:1.0.1:::::::*
php	pear	1.1	cpe:2.3:a:php:pear:1.1:::::::*
php	pear	1.2	cpe:2.3:a:php:pear:1.2:::::::*