CVE-2019-9637

EUVD-2019-19006
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
< 7.1.27
phpphp
7.2.0 ≤
𝑥
< 7.2.16
phpphp
7.3.0 ≤
𝑥
< 7.3.3
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
opensuseleap
42.3
netappstorage_automation_store
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
bionic
dne
cosmic
dne
disco
dne
trusty
Fixed 5.5.9+dfsg-1ubuntu4.29
released
xenial
dne
php7.0
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
Fixed 7.0.33-0ubuntu0.16.04.3
released
php7.2
bionic
Fixed 7.2.15-0ubuntu0.18.04.2
released
cosmic
Fixed 7.2.15-0ubuntu0.18.10.2
released
disco
Fixed 7.2.15-0ubuntu3
released
trusty
dne
xenial
dne
php7.3
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
https://access.redhat.com/errata/RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:3299
https://bugs.php.net/bug.php?id=77630
https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html
https://security.netapp.com/advisory/ntap-20190502-0007/
https://support.f5.com/csp/article/K53825211
https://usn.ubuntu.com/3922-1/
https://usn.ubuntu.com/3922-2/
https://usn.ubuntu.com/3922-3/
https://www.debian.org/security/2019/dsa-4403
https://www.tenable.com/security/tns-2019-07
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
https://access.redhat.com/errata/RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:3299
https://bugs.php.net/bug.php?id=77630
https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html
https://security.netapp.com/advisory/ntap-20190502-0007/
https://support.f5.com/csp/article/K53825211
https://usn.ubuntu.com/3922-1/
https://usn.ubuntu.com/3922-2/
https://usn.ubuntu.com/3922-3/
https://www.debian.org/security/2019/dsa-4403
https://www.tenable.com/security/tns-2019-07