CVE-2008-1734

EPSS 0.06%
Published 18.04.2008 15:05:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Gentoo ≫ Php Toolkit Updaterc1 Version <= 1.0

Gentoo ≫ Linux

Gentoo ≫ Php Toolkit Version1.0

Gentoo ≫ Linux

Gentoo ≫ Php Toolkit Version1.0 Updaterc2

Gentoo ≫ Linux

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.149

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.gentoo.org/show_bug.cgi?id=209535

http://security.gentoo.org/glsa/glsa-200804-19.xml

http://www.securityfocus.com/bid/28844

https://exchange.xforce.ibmcloud.com/vulnerabilities/41928

https://nvd.nist.gov/vuln/detail/CVE-2008-1734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1734

EUVD