oval:org.mitre.oval:def:19494

Definition Id: oval:org.mitre.oval:def:19494

Oval ID:	oval:org.mitre.oval:def:19494
Title:	HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
Description:	PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-7243	Version:	10
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02741 platforms HP Release B.11.23 AND HP-UX B.11.31 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.35.01 OR Criteria meets HP Security Bulletin HPSBUX02741 platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests hpuxws22APCH32.APACHE version is less than B.2.2.15.11 AND hpuxws22APCH32.APACHE2 version is less than B.2.2.15.11 AND hpuxws22APCH32.AUTH_LDAP version is less than B.2.2.15.11 AND hpuxws22APCH32.AUTH_LDAP2 version is less than B.2.2.15.11 AND hpuxws22APCH32.MOD_JK version is less than B.2.2.15.11 AND hpuxws22APCH32.MOD_JK2 version is less than B.2.2.15.11 AND hpuxws22APCH32.MOD_PERL version is less than B.2.2.15.11 AND hpuxws22APCH32.MOD_PERL2 version is less than B.2.2.15.11 AND hpuxws22APCH32.PHP version is less than B.2.2.15.11 AND hpuxws22APCH32.PHP2 version is less than B.2.2.15.11 AND hpuxws22APCH32.WEBPROXY version is less than B.2.2.15.11

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0283s

Facebook rss twitter linkedin mail