CVE-2008-5625

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
phpphp
𝑥
≤ 5.2.6
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
intrepid
Fixed 5.2.6-2ubuntu4.1
released
hardy
Fixed 5.2.4-2ubuntu5.5
released
gutsy
Fixed 5.2.3-1ubuntu6.5
released
dapper
Fixed 5.1.2-1ubuntu3.13
released
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2008-11/0152.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://osvdb.org/52205
http://secunia.com/advisories/35650
http://securityreason.com/achievement_securityalert/57
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
http://www.php.net/ChangeLog-5.php#5.2.7
http://www.securityfocus.com/archive/1/501376/100/0/threaded
http://www.securityfocus.com/bid/32383
https://exchange.xforce.ibmcloud.com/vulnerabilities/47314
https://www.exploit-db.com/exploits/7171
http://archives.neohapsis.com/archives/bugtraq/2008-11/0152.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://osvdb.org/52205
http://secunia.com/advisories/35650
http://securityreason.com/achievement_securityalert/57
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
http://www.php.net/ChangeLog-5.php#5.2.7
http://www.securityfocus.com/archive/1/501376/100/0/threaded
http://www.securityfocus.com/bid/32383
https://exchange.xforce.ibmcloud.com/vulnerabilities/47314
https://www.exploit-db.com/exploits/7171