Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-11045

Опубликовано: 22 дек. 2019
Источник: redhat
CVSS3: 5.9
EPSS Средний

Описание

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpOut of support scope
Red Hat Enterprise Linux 5php53Out of support scope
Red Hat Enterprise Linux 6phpOut of support scope
Red Hat Enterprise Linux 7phpWill not fix
Red Hat Enterprise Linux 8php:7.2/phpWill not fix
Red Hat Software Collectionsrh-php72-phpWill not fix
Red Hat Enterprise Linux 8phpFixedRHSA-2020:366208.09.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-php73-phpFixedRHSA-2020:527501.12.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSrh-php73-phpFixedRHSA-2020:527501.12.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUSrh-php73-phpFixedRHSA-2020:527501.12.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-170
https://bugzilla.redhat.com/show_bug.cgi?id=1786572php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte

EPSS

Процентиль: 97%
0.40595
Средний

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-11045

CVSS3: 3.7
ubuntu
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

nvd логотип

CVE-2019-11045

CVSS3: 3.7
nvd
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

debian логотип

CVE-2019-11045

CVSS3: 3.7
debian
больше 5 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...

github логотип

GHSA-jv88-p4rw-4m4h

CVSS3: 5.9
github
около 3 лет назад

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

fstec логотип

BDU:2020-01278

CVSS3: 3.7
fstec
больше 5 лет назад

Уязвимость реализации класса PHP DirectoryIterator интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 97%
0.40595
Средний

5.9 Medium

CVSS3