- Description
- Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 3.6
- Impact score
- 4.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:P
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gentoo:php_toolkit:*:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "509DE99A-4F75-4BB6-85C4-3244F08252B2",
"versionEndIncluding": "1.0"
},
{
"criteria": "cpe:2.3:a:gentoo:php_toolkit:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0799813F-9774-4C07-A2EB-FF1D5D3C8763"
},
{
"criteria": "cpe:2.3:a:gentoo:php_toolkit:1.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3245C5A-35B3-46E1-8307-3390C0AFEBA0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]