// For flags

CVE-2007-3378

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

Las funciones (1) session_save_path, (2) ini_set y (3) error_log en PHP versión 4.4.7 y versiones anteriores, y PHP versión 5 5.2.3 y versiones anteriores, cuando se invocan desde un archivo .htaccess, permiten a los atacantes remotos omitir las restricciones safe_mode y open_basedir y posiblemente ejecutar comandos arbitrarios, como se ha demostrado utilizando (a) php_value, (b) php_flag y (c) las directivas en .htaccess.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-06-25 CVE Reserved
  • 2007-06-29 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (39)
URL Tag Source
http://docs.info.apple.com/article.html?artnum=307562 Third Party Advisory
http://seclists.org/fulldisclosure/2020/Sep/34 Mailing List
http://secunia.com/advisories/26642 Third Party Advisory
http://secunia.com/advisories/26822 Third Party Advisory
http://secunia.com/advisories/26838 Third Party Advisory
http://secunia.com/advisories/27102 Third Party Advisory
http://secunia.com/advisories/27377 Third Party Advisory
http://secunia.com/advisories/27648 Third Party Advisory
http://secunia.com/advisories/28318 Third Party Advisory
http://secunia.com/advisories/28750 Third Party Advisory
http://secunia.com/advisories/28936 Third Party Advisory
http://secunia.com/advisories/29420 Third Party Advisory
http://secunia.com/advisories/30040 Third Party Advisory
http://securityreason.com/achievement_exploitalert/9 Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/09/17/3 Mailing List
http://www.osvdb.org/38682 Broken Link
http://www.securityfocus.com/archive/1/472343/100/0/threaded Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/35102 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39403 Third Party Advisory
https://issues.rpath.com/browse/RPL-1693 Broken Link
https://issues.rpath.com/browse/RPL-1702 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056 Signature
URL Date SRC
http://securityreason.com/achievement_securityalert/45 2024-08-07
http://securityreason.com/securityalert/2831 2024-08-07
http://securityreason.com/securityalert/3389 2024-08-07
URL Date SRC
http://www.php.net/ChangeLog-4.php 2020-09-18
http://www.php.net/ChangeLog-5.php#5.2.4 2020-09-18
http://www.php.net/ChangeLog-5.php#5.2.5 2020-09-18
http://www.php.net/releases/4_4_8.php 2020-09-18
http://www.php.net/releases/5_2_4.php 2020-09-18
http://www.php.net/releases/5_2_5.php 2020-09-18
http://www.securityfocus.com/bid/24661 2020-09-18
http://www.securityfocus.com/bid/25498 2020-09-18
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 2020-09-18
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html 2020-09-18
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 2020-09-18
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml 2020-09-18
http://www.securityfocus.com/archive/1/491693/100/0/threaded 2020-09-18
http://www.trustix.org/errata/2007/0026 2020-09-18
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 4.0.0 <= 4.4.7
Search vendor "Php" for product "Php" and version " >= 4.0.0 <= 4.4.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.0.0 <= 5.2.3
Search vendor "Php" for product "Php" and version " >= 5.0.0 <= 5.2.3"
-
Affected