CVE-2007-3007 — MEDIUM (5.0)

Q: How severe is CVE-2007-3007?

CVE-2007-3007 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-3007?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.

Vulnerability Description

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Php	Php	>= 5.0.0, < 5.2.3

Related Weaknesses (CWE)

CWE-264

References

http://bugs.php.net/bug.php?id=41492Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.htmlMailing ListThird Party Advisory
http://osvdb.org/36084Broken Link
http://secunia.com/advisories/25456Vendor Advisory
http://secunia.com/advisories/26048Vendor Advisory
http://secunia.com/advisories/26231Vendor Advisory
http://secunia.com/advisories/27102Vendor Advisory
http://secunia.com/advisories/27110Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xmlThird Party Advisory
http://www.php.net/releases/5_2_3.phpVendor Advisory
http://www.securityfocus.com/bid/24259Third Party AdvisoryVDB Entry
http://www.trustix.org/errata/2007/0023/Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.Third Party Advisory
http://bugs.php.net/bug.php?id=41492Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2007-3007?

CVE-2007-3007 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if th...

How severe is CVE-2007-3007?

CVE-2007-3007 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-3007?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.