CVE-2015-4598

Published May 16, 2016

Last updated 6 years ago

CVSS medium 6.5

Overview

Description: PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51E65991-DA29-4501-9B30-6719C5CEDAA2",
            "versionEndIncluding": "5.4.41"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F6D9B19-E64D-4BED-9194-17460CE19E6F"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F644EA6C-50C6-4A1C-A4AC-287AA9477B46"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DD47F30-74F5-48E8-8657-C2373FE2BD22"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C09527B-6B47-41F8-BDE6-01C47E452286"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E454D87-23CB-4D7F-90FE-942EE54D661F"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1031E646-F2CF-4A3E-8E6A-5D4BC950BEDA"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "130E50C1-D209-4CFF-9399-69D561340FBB"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1F29948-9417-460B-8B04-D91AE4E8B423"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A37D00C1-4F41-4400-9CE4-8E8BAA3E4142"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "093D08B7-CC3C-4616-8697-F15B253A7D9A"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9CD8FEE-DE7B-47CB-9985-4092BFA071D0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A30B2D9E-F289-43C9-BFBC-1CEF284A417E"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE41CFDF-8ECD-41C1-94A7-5AFD42C5DDEA"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AEAC9BA-AF82-4345-839C-D339DCB962A7"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EFE682F-52E3-48EC-A993-F522FC29712F"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "840EE3AC-5293-4F33-9E2C-96A0A2534B02"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C0FC407-96DB-425E-BB57-7A5BA839C37F"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3839C81-3DAB-4E1D-9D95-BEFFD491F43D"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC63A449-5D92-4F5F-8186-B58FFFBA54FE"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F18236F6-2065-4A6A-93E7-FD90E650C689"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEFBA84A-A4E4-438B-B9B5-8549809DCECC"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "146D3DC9-50F4-430B-B321-68ECE78879A7"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D5A7CA6-7653-46C5-8DF7-95584BF7A879"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5BA8300-2F4D-4C1E-8CCE-F45E8F3547A0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59A42F02-F363-4C13-BE83-19F757B84455"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "423ECD5F-5611-4D9A-8BE8-E4DC1527AF58"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE65D0D4-CB56-4946-AB44-2EF554602A96"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1F13E2D-A8F7-4B74-8D03-7905C81672C9"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AE1289F-03A6-4621-B387-5F5ADAC4AE92"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "383697F5-D29E-475A-84F3-46B54A928889"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "786ED182-5D71-4197-9196-12AB5CF05F85"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF90980D-74AD-44AA-A7C5-A0B294CCE4F8"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B53DC0C3-EA19-4465-B65A-BC7CDB10D8BF"
          },
          {
            "criteria": "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEA4DFC1-6C0C-42FB-9F47-E3E1AA9E47E0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References