Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2348

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-2348
Last Modified 09 Oct 2015 10:00:52
Published 30 Mar 2015 06:59:14
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2348

Summary

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

Vulnerable Systems

Application

  • Php 5.4.38

  • Php 5.5.0

  • Php 5.5.1

  • Php 5.5.10

  • Php 5.5.11

  • Php 5.5.12

  • Php 5.5.13

  • Php 5.5.14

  • Php 5.5.15

  • Php 5.5.16

  • Php 5.5.17

  • Php 5.5.18

  • Php 5.5.19

  • Php 5.5.2

  • Php 5.5.20

  • Php 5.5.21

  • Php 5.5.22

  • Php 5.5.3

  • Php 5.5.4

  • Php 5.5.5

  • Php 5.5.6

  • Php 5.5.7

  • Php 5.5.8

  • Php 5.5.9

  • Php 5.6.0

  • Php 5.6.1

  • Php 5.6.2

  • Php 5.6.3

  • Php 5.6.4

  • Php 5.6.5

  • Php 5.6.6


References

CONFIRM - https://bugs.php.net/bug.php?id=69207

CONFIRM - http://php.net/ChangeLog-5.php

CONFIRM - http://git.php.net/?p=php-src.git;a=commit;h=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1

SUSE - openSUSE-SU-2015:0684

CONFIRM - https://support.apple.com/HT205267

APPLE - APPLE-SA-2015-09-30-3


Last Updated: 27 May 2016 11:08:14