5 - CVE-2007-4850

Executive Summary

Informations
Name	CVE-2007-4850	First vendor Publication	2008-01-24
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4850

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type	Description	Count
Application	Php cpe:2.3:a:php:php:5.2.5:-:::::: cpe:2.3:a:php:php:5.2.4:-::::::	2

OpenVAS Exploits

Date	Description
2012-06-21	Name : PHP < 4.4.9 File : nvt/nopsec_php_4_4_9.nasl
2012-06-21	Name : PHP version smaller than 5.2.6 File : nvt/nopsec_php_5_2_6.nasl
2010-05-12	Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl
2010-05-12	Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-03-23	Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl
2009-03-07	Name : Mandrake Security Advisory MDVSA-2009:065 (php4) File : nvt/mdksa_2009_065.nasl
2009-03-07	Name : Ubuntu USN-726-1 (curl) File : nvt/ubuntu_726_1.nasl
2009-03-07	Name : Ubuntu USN-726-2 (curl) File : nvt/ubuntu_726_2.nasl
2009-03-07	Name : Ubuntu USN-727-1 (network-manager-applet) File : nvt/ubuntu_727_1.nasl
2009-03-07	Name : Ubuntu USN-727-2 (network-manager) File : nvt/ubuntu_727_2.nasl
2009-01-26	Name : Mandrake Security Advisory MDVSA-2009:022 (php) File : nvt/mdksa_2009_022.nasl
2009-01-26	Name : Mandrake Security Advisory MDVSA-2009:023 (php) File : nvt/mdksa_2009_023.nasl
2008-10-07	Name : Multiple Vulnerabilities in PHP August-08 File : nvt/gb_php_mult_vuln_aug08.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
43219	PHP cURL Library (libcurl) curl/interface.c Crafted file:// Request Restricti... PHP cURL (aka libcurl) could allow context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence.

Nessus® Vulnerability Scanner

Date	Description
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-022.nasl - Type : ACT_GATHER_INFO
2008-10-10	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_9.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO
2008-07-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO
2008-05-02	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_6.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047&...
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html
http://secunia.com/advisories/30048
http://secunia.com/advisories/30411
http://secunia.com/advisories/31200
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://securityreason.com/achievement_securityalert/51
http://securityreason.com/securityalert/3562
http://support.apple.com/kb/HT3216
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
http://www.openwall.com/lists/oss-security/2008/05/02/2
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/archive/1/486856/100/0/threaded
http://www.securityfocus.com/archive/1/492671/100/0/threaded
http://www.securityfocus.com/bid/27413
http://www.securityfocus.com/bid/29009
http://www.securityfocus.com/bid/31681
http://www.ubuntu.com/usn/usn-628-1
http://www.vupen.com/english/advisories/2008/1412
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2780
https://exchange.xforce.ibmcloud.com/vulnerabilities/39852
https://exchange.xforce.ibmcloud.com/vulnerabilities/42134

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:15:14	Multiple Updates
2024-11-28 12:13:29	Multiple Updates
2024-08-02 12:07:43	Multiple Updates
2024-08-02 01:02:25	Multiple Updates
2024-02-02 01:07:20	Multiple Updates
2024-02-01 12:02:25	Multiple Updates
2023-09-05 12:06:50	Multiple Updates
2023-09-05 01:02:16	Multiple Updates
2023-09-02 12:06:57	Multiple Updates
2023-09-02 01:02:17	Multiple Updates
2023-08-12 12:08:04	Multiple Updates
2023-08-12 01:02:17	Multiple Updates
2023-08-11 12:06:59	Multiple Updates
2023-08-11 01:02:21	Multiple Updates
2023-08-06 12:06:41	Multiple Updates
2023-08-06 01:02:18	Multiple Updates
2023-08-04 12:06:46	Multiple Updates
2023-08-04 01:02:21	Multiple Updates
2023-07-14 12:06:45	Multiple Updates
2023-07-14 01:02:18	Multiple Updates
2023-03-29 01:07:33	Multiple Updates
2023-03-28 12:02:24	Multiple Updates
2022-10-11 12:05:59	Multiple Updates
2022-10-11 01:02:09	Multiple Updates
2021-05-04 12:06:24	Multiple Updates
2021-04-22 01:06:56	Multiple Updates
2020-05-23 00:20:27	Multiple Updates
2019-06-08 12:02:13	Multiple Updates
2018-10-16 00:19:15	Multiple Updates
2017-07-29 12:02:32	Multiple Updates
2016-04-26 16:35:32	Multiple Updates
2014-02-17 10:41:45	Multiple Updates
2013-05-11 10:36:20	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	2
Sources(s)	28
osvdb(s)	1
Openvas Exploit(s)	14
Nessus® Exploit(s)	6

	Related
10	USN-628-1
10	MDVSA-2009:065
10	MDVSA-2009:023
10	MDVSA-2009:022
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

5 - CVE-2007-4850

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU