Описание
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
Отчет
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Application Stack v2 for Enterprise Linux | php | Not affected | ||
Red Hat Enterprise Linux 4 | php | Not affected | ||
Red Hat Enterprise Linux 5 | php | Not affected | ||
Red Hat Enterprise Linux 5 | php53 | Not affected | ||
Red Hat Enterprise Linux 6 | php | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to by ...
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
Уязвимость функции rshutdown интерпретатора языка программирования PHP , позволяющая нарушителю читать произвольные файлы
EPSS
5 Medium
CVSS2