QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2665

Published: Jun 20, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

http://support.apple.com/kb/HT3549

x_refsource_CONFIRM

20080617 PHP 5.2.6 posix_access() (posix ext) safe_mode bypass

third-party-advisory

x_refsource_SREASONRES

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_HP

20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

mailing-list

x_refsource_BUGTRAQ

http://wiki.rpath.com/Advisories:rPSA-2009-0035

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

APPLE-SA-2009-05-12

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_HP

php-posixaccess-security-bypass(43196)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.