CVE-2008-5658 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
php	php	𝑥 ≤ 5.2.6
php	php	5.0.0
php	php	5.0.0:beta1
php	php	5.0.0:beta2
php	php	5.0.0:beta3
php	php	5.0.0:beta4
php	php	5.0.0:rc1
php	php	5.0.0:rc2
php	php	5.0.0:rc3
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php5

intrepid	Fixed 5.2.6-2ubuntu4.1 released
hardy	Fixed 5.2.4-2ubuntu5.5 released
gutsy	Fixed 5.2.3-1ubuntu6.5 released
dapper	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://osvdb.org/50480

http://secunia.com/advisories/35003

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2009/dsa-1789

http://www.mandriva.com/security/advisories?name=MDVSA-2009:045

http://www.openwall.com/lists/oss-security/2008/12/04/3

http://www.php.net/ChangeLog-5.php#5.2.7

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securityfocus.com/bid/32625

http://www.securitytracker.com/id?1021303

http://www.sektioneins.de/advisories/SE-2008-06.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/47079

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://osvdb.org/50480

http://secunia.com/advisories/35003

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2009/dsa-1789

http://www.mandriva.com/security/advisories?name=MDVSA-2009:045

http://www.openwall.com/lists/oss-security/2008/12/04/3

http://www.php.net/ChangeLog-5.php#5.2.7

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securityfocus.com/bid/32625

http://www.securitytracker.com/id?1021303

http://www.sektioneins.de/advisories/SE-2008-06.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/47079

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html