Vulnerability Description
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Linux | All versions |
| Gentoo | Php Toolkit | <= 1.0 |
Related Weaknesses (CWE)
References
- http://bugs.gentoo.org/show_bug.cgi?id=209535
- http://security.gentoo.org/glsa/glsa-200804-19.xml
- http://www.securityfocus.com/bid/28844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41928
- http://bugs.gentoo.org/show_bug.cgi?id=209535
- http://security.gentoo.org/glsa/glsa-200804-19.xml
- http://www.securityfocus.com/bid/28844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41928
FAQ
What is CVE-2008-1734?
CVE-2008-1734 is a vulnerability with a CVSS score of 3.6 (LOW). Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-let...
How severe is CVE-2008-1734?
CVE-2008-1734 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1734?
Check the references section above for vendor advisories and patch information. Affected products include: Gentoo Linux, Gentoo Php Toolkit.