CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

Percentile: 85.6%

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5
allows context-dependent attackers to bypass safe_mode and open_basedir
restrictions and read arbitrary files via a file:// request containing a
\x00 sequence, a different vulnerability than CVE-2006-2563.

Author | Note |
---|---|
jdstrand | safe mode and open_basedir. Dapper not affected (code does not exist) |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 7.04 | noarch | php5 | < 5.2.1-0ubuntu1.6 | UNKNOWN |
ubuntu | 7.10 | noarch | php5 | < 5.2.3-1ubuntu6.4 | UNKNOWN |
ubuntu | 8.04 | noarch | php5 | < 5.2.4-2ubuntu5.3 | UNKNOWN |
ubuntu | 8.10 | noarch | php5 | < 5.2.6-1ubuntu4 | UNKNOWN |
ubuntu | 9.04 | noarch | php5 | < 5.2.6-1ubuntu4 | UNKNOWN |
ubuntu | 9.10 | noarch | php5 | < 5.2.6-1ubuntu4 | UNKNOWN |