6.2

CVE-2007-1370

EPSS 0.05%
Veröffentlicht 09.03.2007 22:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files.  NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zend ≫ Zend Platform Version2.2.1a

Zend ≫ Zend Platform Version2.2.1a Updatea

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.128

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/24501

http://www.vupen.com/english/advisories/2007/0829

http://www.zend.com/products/zend_platform/security_vulnerabilities

Vendor Advisory

http://www.osvdb.org/32772

http://www.php-security.org/MOPB/BONUS-06-2007.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/22801

https://exchange.xforce.ibmcloud.com/vulnerabilities/32825

https://nvd.nist.gov/vuln/detail/CVE-2007-1370

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1370

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1370

EUVD