CVE-2010-1130

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).

References

http://secunia.com/advisories/38708

http://securityreason.com/achievement_securityalert/82

http://securityreason.com/securityalert/7008

http://securitytracker.com/id?1023661

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?view=log

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=293036&r2=294272

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?view=log

http://www.php.net/ChangeLog-5.php

http://www.php.net/releases/5_2_13.php

http://www.vupen.com/english/advisories/2010/0479

Details

Source: MITRE

Published: 2010-03-26

Updated: 2018-10-30

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (5 total)

IDNameProductFamilySeverity
56459GLSA-201110-06 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
49306Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : php5 vulnerabilities (USN-989-1)NessusUbuntu Local Security Checks
high
45029Mandriva Linux Security Advisory : php (MDVSA-2010:058)NessusMandriva Local Security Checks
high
5346PHP < 5.2.13 / 5.3.x < 5.3.2 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
44921PHP < 5.3.2 / 5.2.13 Multiple VulnerabilitiesNessusCGI abuses
medium