CVE-2008-1734

EPSS 0.06%
Veröffentlicht 18.04.2008 15:05:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gentoo ≫ Php Toolkit Updaterc1 Version <= 1.0

Gentoo ≫ Linux

Gentoo ≫ Php Toolkit Version1.0

Gentoo ≫ Linux

Gentoo ≫ Php Toolkit Version1.0 Updaterc2

Gentoo ≫ Linux

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.149

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.gentoo.org/show_bug.cgi?id=209535

http://security.gentoo.org/glsa/glsa-200804-19.xml

http://www.securityfocus.com/bid/28844

https://exchange.xforce.ibmcloud.com/vulnerabilities/41928

https://nvd.nist.gov/vuln/detail/CVE-2008-1734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1734

EUVD