Vulnerability CVE-2006-2563


Published: 2006-05-29   Modified: 2012-02-12

Description:
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.

See advisories in our WLB2 database:
Topic
Author
Date
High
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4
Maksymilian Arci...
27.05.2006

Vendor: PHP
Product: PHP 
Version: 5.1.4; 4.4.2;

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.vupen.com/english/advisories/2006/2055
http://www.securityfocus.com/bid/18116
http://xforce.iss.net/xforce/xfdb/26764
http://www.novell.com/linux/security/advisories/2006_52_php.html
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://securitytracker.com/id?1016175
http://securityreason.com/securityalert/959
http://securityreason.com/achievement_securityalert/39
http://secunia.com/advisories/22039
http://secunia.com/advisories/21847
http://secunia.com/advisories/21050
http://secunia.com/advisories/20337

Related CVE
CVE-2018-10549
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a Make...
CVE-2018-10548
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishan...
CVE-2018-10547
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE:...
CVE-2018-10546
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10545
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one u...
CVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This ...
CVE-2015-9253
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system...
CVE-2016-10712
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "...

Copyright 2018, cxsecurity.com

 

Back to Top