CVE-2014-3981

EPSS 0.17%
Veröffentlicht 08.06.2014 18:55:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php ≫ Php Version < 5.3.29

Php ≫ Php Version >= 5.4.0 < 5.4.30

Php ≫ Php Version >= 5.5.0 < 5.5.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.382

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	3.4	4.9	AV:L/AC:M/Au:N/C:N/I:P/A:P

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Third Party Advisory

http://marc.info/?l=bugtraq&m=141390017113542&w=2

Third Party Advisory

Mailing List

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Mailing List

https://support.apple.com/HT204659

Third Party Advisory

http://support.apple.com/kb/HT6443

Third Party Advisory

http://marc.info/?l=bugtraq&m=141017844705317&w=2