oval:org.mitre.oval:def:6056
Definition Id: oval:org.mitre.oval:def:6056 | |||
Oval ID: | oval:org.mitre.oval:def:6056 | ||
Title: | HP-UX Running Apache, Remote Execution of Arbitrary Code | ||
Description: | The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3378 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|