CVE-2007-4652

Published Sep 4, 2007

Last updated 7 years ago

Overview

Description
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 2.0

Type
Primary
Base score
4.4
Impact score
6.4
Exploitability score
3.4
Vector string
AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-59

Social media

Hype score
Not currently trending

Vendor comments

  • MandrivaDue to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group’s stance on these features, Mandriva does not consider this a security issue.
  • Red HatWe do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

Configurations