Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2007-5900
Last Modified 07 Mar 2011 10:01:29
Published 20 Nov 2007 01:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5900

Summary

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Vulnerable Systems

Application

  • PHP 5.2.4


References

SECUNIA - 27648

HP - HPSBUX02332

CONFIRM - http://www.php.net/releases/5_2_5.php

CONFIRM - http://www.php.net/ChangeLog-5.php#5.2.5

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242

SECTRACK - 1018934

CONFIRM - http://bugs.php.net/bug.php?id=41561

CONFIRM - https://issues.rpath.com/browse/RPL-1943

HP - SSRT080056

SECUNIA - 30040

SECUNIA - 27659


Last Updated: 27 May 2016 10:46:18