CVE - CVE-2007-3378

CVE-ID
CVE-2007-3378	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BID:24661 URL:http://www.securityfocus.com/bid/24661 BID:25498 URL:http://www.securityfocus.com/bid/25498 BUGTRAQ:20070627 PHP 4/5 htaccess safemode and open_basedir Bypass URL:http://www.securityfocus.com/archive/1/472343/100/0/threaded CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://www.php.net/ChangeLog-4.php CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.4 CONFIRM:http://www.php.net/ChangeLog-5.php#5.2.5 CONFIRM:http://www.php.net/releases/4_4_8.php CONFIRM:http://www.php.net/releases/5_2_4.php CONFIRM:http://www.php.net/releases/5_2_5.php CONFIRM:https://issues.rpath.com/browse/RPL-1693 CONFIRM:https://issues.rpath.com/browse/RPL-1702 FULLDISC:20200918 Apache + PHP <= 7.4.10 open_basedir bypass URL:http://seclists.org/fulldisclosure/2020/Sep/34 GENTOO:GLSA-200710-02 URL:http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml HP:HPSBUX02308 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 HP:HPSBUX02332 URL:http://www.securityfocus.com/archive/1/491693/100/0/threaded HP:SSRT080010 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 HP:SSRT080056 URL:http://www.securityfocus.com/archive/1/491693/100/0/threaded MISC:http://securityreason.com/achievement_exploitalert/9 MLIST:[oss-security] 20200917 Apache + PHP <= 7.4.10 open_basedir bypass URL:http://www.openwall.com/lists/oss-security/2020/09/17/3 OSVDB:38682 URL:~~http://www.osvdb.org/38682~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:6056 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056 SECUNIA:26642 URL:http://secunia.com/advisories/26642 SECUNIA:26822 URL:http://secunia.com/advisories/26822 SECUNIA:26838 URL:http://secunia.com/advisories/26838 SECUNIA:27102 URL:http://secunia.com/advisories/27102 SECUNIA:27377 URL:http://secunia.com/advisories/27377 SECUNIA:27648 URL:http://secunia.com/advisories/27648 SECUNIA:28318 URL:http://secunia.com/advisories/28318 SECUNIA:28750 URL:http://secunia.com/advisories/28750 SECUNIA:28936 URL:http://secunia.com/advisories/28936 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:30040 URL:http://secunia.com/advisories/30040 SLACKWARE:SSA:2008-045-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 SREASON:2831 URL:http://securityreason.com/securityalert/2831 SREASON:3389 URL:http://securityreason.com/securityalert/3389 SREASONRES:20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass URL:http://securityreason.com/achievement_securityalert/45 TRUSTIX:2007-0026 URL:~~http://www.trustix.org/errata/2007/0026/~~ (Obsolete source - check if archived by the Wayback Machine) VUPEN:ADV-2007-3023 URL:~~http://www.vupen.com/english/advisories/2007/3023~~ (Obsolete source) VUPEN:ADV-2008-0059 URL:~~http://www.vupen.com/english/advisories/2008/0059~~ (Obsolete source) VUPEN:ADV-2008-0398 URL:~~http://www.vupen.com/english/advisories/2008/0398~~ (Obsolete source) VUPEN:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) XF:php-htaccess-security-bypass(35102) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35102 XF:php-sessionsavepath-errorlog-security-bypass(39403) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39403
Assigning CNA
MITRE Corporation
Date Record Created
20070625	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)