CVE-2007-1710

{"id": "CVE-2007-1710", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-27T01:19:00.000", "references": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25423", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25850", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1991", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2374", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3573", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25423", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25850", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1991", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2374", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/3573", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a \"php://../../\" sequence."}, {"lang": "es", "value": "La funci\u00f3n readfile de PHP 4.4.4, 5.1.6, Y 5.2.1 permite a usuarios locales o remotos dependiendo del contexto evitar las restricciones del modo seguro (safe_mode) y leer archivos de su elecci\u00f3n haciendo referencia a archivos locales con una determinada sintaxis de tipo URL en lugar de una sintaxis de nombre de ruta, como se ha demostrado mediante un nombre de archivo precedido por una secuencia \"php://../../\"."}], "lastModified": "2024-11-21T00:28:58.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71AEE8B4-FCF8-483B-8D4C-2E80A02E925E"}, {"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87"}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"}], "operator": "OR"}]}], "vendorComments": [{"comment": "We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1\nand http://www.php.net/security-note.php\n", "lastModified": "2007-04-17T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}