Computer Security
[EN] securityvulns.ru no-pyccku


PHP compress.bzip2:// URL safe mode protection bypass
Published:17.03.2007
Source:
SecurityVulns ID:7420
Type:local
Threat Level:
5/10
Description:Safe mode and open_basedir limitations are not checked.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.)
Original documentdocumentPHP-SECURITY, MOPB-21-2007:PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability (17.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod