Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-1171

Опубликовано: 13 мар. 2012
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

Отчет

We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Application Stack v2 for Enterprise LinuxphpNot affected
Red Hat Enterprise Linux 4phpNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 6phpNot affected

Показывать по

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=802591php: libxml RSHUTDOWN function disables the hooks which are used to implement open_basedir

EPSS

Процентиль: 42%
0.00198
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu
больше 11 лет назад

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

nvd
больше 11 лет назад

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

debian
больше 11 лет назад

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to by ...

github
около 3 лет назад

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

CVSS3: 3.7
fstec
больше 11 лет назад

Уязвимость функции rshutdown интерпретатора языка программирования PHP , позволяющая нарушителю читать произвольные файлы

EPSS

Процентиль: 42%
0.00198
Низкий

5 Medium

CVSS2