CVE-2015-4598
Published: 17 June 2015
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php5 Launchpad, Ubuntu, Debian |
precise |
Released
(5.3.10-1ubuntu3.19)
|
| trusty |
Released
(5.5.9+dfsg-1ubuntu4.11)
|
|
| upstream |
Released
(5.6.10, 5.5.26, 5.4.42)
|
|
| utopic |
Released
(5.5.12+dfsg-2ubuntu4.6)
|
|
| vivid |
Released
(5.6.4+dfsg-4ubuntu6.2)
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=f7d7befae8bcc2db0093f8adaa9f72eeb7ad891e upstream: http://git.php.net/?p=php-src.git;a=commit;h=eee8b6c33fc968ef8c496db8fb54e8c9d9d5a8f9 upstream: http://git.php.net/?p=php-src.git;a=commit;h=a643ccfb90750e0d830106588d2a46af87706b5b upstream: http://git.php.net/?p=php-src.git;a=commit;h=634aa0a2dbf8ec5e6fabb4ee01c6d1355ba7ee67 upstream: http://git.php.net/?p=php-src.git;a=commit;h=1defbb25ed69e7a1a90e2bcb2ee3b9190ea06577 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |