CVE-2015-4598 Information
Share on:Description
PHP before 5.4.42 5.5.x before 5.5.26 and 5.6.x before 5.6.10 does not ensure that pathnames lack 00 sequences which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Reference
http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/06/16/12 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75244 http://www.securitytracker.com/id/1032709 https://bugs.php.net/bug.php?id=69719
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.5