{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-06-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-09-18T18:06:25.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"2831","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/2831"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/ChangeLog-5.php#5.2.5"},{"name":"26822","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26822"},{"name":"28750","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28750"},{"name":"ADV-2008-0059","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0059"},{"name":"php-sessionsavepath-errorlog-security-bypass(39403)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39403"},{"name":"GLSA-200710-02","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"},{"name":"ADV-2008-0924","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0924/references"},{"tags":["x_refsource_MISC"],"url":"http://securityreason.com/achievement_exploitalert/9"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/releases/4_4_8.php"},{"name":"SSA:2008-045-03","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136"},{"name":"30040","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30040"},{"name":"ADV-2008-0398","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0398"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/releases/5_2_5.php"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/ChangeLog-5.php#5.2.4"},{"name":"28936","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28936"},{"name":"2007-0026","tags":["vendor-advisory","x_refsource_TRUSTIX"],"url":"http://www.trustix.org/errata/2007/0026/"},{"name":"29420","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29420"},{"name":"APPLE-SA-2008-03-18","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.rpath.com/browse/RPL-1693"},{"name":"SSRT080056","tags":["vendor-advisory","x_refsource_HP"],"url":"http://www.securityfocus.com/archive/1/491693/100/0/threaded"},{"name":"3389","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3389"},{"name":"27648","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27648"},{"name":"20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass","tags":["third-party-advisory","x_refsource_SREASONRES"],"url":"http://securityreason.com/achievement_securityalert/45"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.rpath.com/browse/RPL-1702"},{"name":"26838","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26838"},{"name":"27377","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27377"},{"name":"20070627 PHP 4/5 htaccess safemode and open_basedir Bypass","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/472343/100/0/threaded"},{"name":"HPSBUX02332","tags":["vendor-advisory","x_refsource_HP"],"url":"http://www.securityfocus.com/archive/1/491693/100/0/threaded"},{"name":"php-htaccess-security-bypass(35102)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35102"},{"tags":["x_refsource_CONFIRM"],"url":"http://docs.info.apple.com/article.html?artnum=307562"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/ChangeLog-4.php"},{"name":"27102","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/27102"},{"name":"ADV-2007-3023","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/3023"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.php.net/releases/5_2_4.php"},{"name":"SSRT080010","tags":["vendor-advisory","x_refsource_HP"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"},{"name":"28318","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28318"},{"name":"HPSBUX02308","tags":["vendor-advisory","x_refsource_HP"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"},{"name":"25498","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/25498"},{"name":"oval:org.mitre.oval:def:6056","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056"},{"name":"26642","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26642"},{"name":"24661","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/24661"},{"name":"38682","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/38682"},{"name":"[oss-security] 20200917 Apache + PHP <= 7.4.10 open_basedir bypass","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2020/09/17/3"},{"name":"20200918 Apache + PHP <= 7.4.10 open_basedir bypass","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2020/Sep/34"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-3378","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"2831","refsource":"SREASON","url":"http://securityreason.com/securityalert/2831"},{"name":"http://www.php.net/ChangeLog-5.php#5.2.5","refsource":"CONFIRM","url":"http://www.php.net/ChangeLog-5.php#5.2.5"},{"name":"26822","refsource":"SECUNIA","url":"http://secunia.com/advisories/26822"},{"name":"28750","refsource":"SECUNIA","url":"http://secunia.com/advisories/28750"},{"name":"ADV-2008-0059","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0059"},{"name":"php-sessionsavepath-errorlog-security-bypass(39403)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39403"},{"name":"GLSA-200710-02","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"},{"name":"ADV-2008-0924","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0924/references"},{"name":"http://securityreason.com/achievement_exploitalert/9","refsource":"MISC","url":"http://securityreason.com/achievement_exploitalert/9"},{"name":"http://www.php.net/releases/4_4_8.php","refsource":"CONFIRM","url":"http://www.php.net/releases/4_4_8.php"},{"name":"SSA:2008-045-03","refsource":"SLACKWARE","url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136"},{"name":"30040","refsource":"SECUNIA","url":"http://secunia.com/advisories/30040"},{"name":"ADV-2008-0398","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0398"},{"name":"http://www.php.net/releases/5_2_5.php","refsource":"CONFIRM","url":"http://www.php.net/releases/5_2_5.php"},{"name":"http://www.php.net/ChangeLog-5.php#5.2.4","refsource":"CONFIRM","url":"http://www.php.net/ChangeLog-5.php#5.2.4"},{"name":"28936","refsource":"SECUNIA","url":"http://secunia.com/advisories/28936"},{"name":"2007-0026","refsource":"TRUSTIX","url":"http://www.trustix.org/errata/2007/0026/"},{"name":"29420","refsource":"SECUNIA","url":"http://secunia.com/advisories/29420"},{"name":"APPLE-SA-2008-03-18","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"},{"name":"https://issues.rpath.com/browse/RPL-1693","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-1693"},{"name":"SSRT080056","refsource":"HP","url":"http://www.securityfocus.com/archive/1/491693/100/0/threaded"},{"name":"3389","refsource":"SREASON","url":"http://securityreason.com/securityalert/3389"},{"name":"27648","refsource":"SECUNIA","url":"http://secunia.com/advisories/27648"},{"name":"20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass","refsource":"SREASONRES","url":"http://securityreason.com/achievement_securityalert/45"},{"name":"https://issues.rpath.com/browse/RPL-1702","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-1702"},{"name":"26838","refsource":"SECUNIA","url":"http://secunia.com/advisories/26838"},{"name":"27377","refsource":"SECUNIA","url":"http://secunia.com/advisories/27377"},{"name":"20070627 PHP 4/5 htaccess safemode and open_basedir Bypass","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/472343/100/0/threaded"},{"name":"HPSBUX02332","refsource":"HP","url":"http://www.securityfocus.com/archive/1/491693/100/0/threaded"},{"name":"php-htaccess-security-bypass(35102)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35102"},{"name":"http://docs.info.apple.com/article.html?artnum=307562","refsource":"CONFIRM","url":"http://docs.info.apple.com/article.html?artnum=307562"},{"name":"http://www.php.net/ChangeLog-4.php","refsource":"CONFIRM","url":"http://www.php.net/ChangeLog-4.php"},{"name":"27102","refsource":"SECUNIA","url":"http://secunia.com/advisories/27102"},{"name":"ADV-2007-3023","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/3023"},{"name":"http://www.php.net/releases/5_2_4.php","refsource":"CONFIRM","url":"http://www.php.net/releases/5_2_4.php"},{"name":"SSRT080010","refsource":"HP","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"},{"name":"28318","refsource":"SECUNIA","url":"http://secunia.com/advisories/28318"},{"name":"HPSBUX02308","refsource":"HP","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"},{"name":"25498","refsource":"BID","url":"http://www.securityfocus.com/bid/25498"},{"name":"oval:org.mitre.oval:def:6056","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056"},{"name":"26642","refsource":"SECUNIA","url":"http://secunia.com/advisories/26642"},{"name":"24661","refsource":"BID","url":"http://www.securityfocus.com/bid/24661"},{"name":"38682","refsource":"OSVDB","url":"http://www.osvdb.org/38682"},{"name":"[oss-security] 20200917 Apache + PHP <= 7.4.10 open_basedir bypass","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2020/09/17/3"},{"name":"20200918 Apache + PHP <= 7.4.10 open_basedir bypass","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2020/Sep/34"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T14:14:12.954Z"},"title":"CVE Program Container","references":[{"name":"2831","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/2831"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/ChangeLog-5.php#5.2.5"},{"name":"26822","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26822"},{"name":"28750","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28750"},{"name":"ADV-2008-0059","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0059"},{"name":"php-sessionsavepath-errorlog-security-bypass(39403)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39403"},{"name":"GLSA-200710-02","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"},{"name":"ADV-2008-0924","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0924/references"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://securityreason.com/achievement_exploitalert/9"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/releases/4_4_8.php"},{"name":"SSA:2008-045-03","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136"},{"name":"30040","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30040"},{"name":"ADV-2008-0398","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0398"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/releases/5_2_5.php"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/ChangeLog-5.php#5.2.4"},{"name":"28936","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28936"},{"name":"2007-0026","tags":["vendor-advisory","x_refsource_TRUSTIX","x_transferred"],"url":"http://www.trustix.org/errata/2007/0026/"},{"name":"29420","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29420"},{"name":"APPLE-SA-2008-03-18","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.rpath.com/browse/RPL-1693"},{"name":"SSRT080056","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://www.securityfocus.com/archive/1/491693/100/0/threaded"},{"name":"3389","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3389"},{"name":"27648","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27648"},{"name":"20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass","tags":["third-party-advisory","x_refsource_SREASONRES","x_transferred"],"url":"http://securityreason.com/achievement_securityalert/45"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.rpath.com/browse/RPL-1702"},{"name":"26838","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26838"},{"name":"27377","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27377"},{"name":"20070627 PHP 4/5 htaccess safemode and open_basedir Bypass","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/472343/100/0/threaded"},{"name":"HPSBUX02332","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://www.securityfocus.com/archive/1/491693/100/0/threaded"},{"name":"php-htaccess-security-bypass(35102)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35102"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://docs.info.apple.com/article.html?artnum=307562"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/ChangeLog-4.php"},{"name":"27102","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/27102"},{"name":"ADV-2007-3023","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/3023"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.php.net/releases/5_2_4.php"},{"name":"SSRT080010","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"},{"name":"28318","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28318"},{"name":"HPSBUX02308","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"},{"name":"25498","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/25498"},{"name":"oval:org.mitre.oval:def:6056","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056"},{"name":"26642","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26642"},{"name":"24661","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/24661"},{"name":"38682","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/38682"},{"name":"[oss-security] 20200917 Apache + PHP <= 7.4.10 open_basedir bypass","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2020/09/17/3"},{"name":"20200918 Apache + PHP <= 7.4.10 open_basedir bypass","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2020/Sep/34"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-3378","datePublished":"2007-06-29T18:00:00.000Z","dateReserved":"2007-06-25T00:00:00.000Z","dateUpdated":"2024-08-07T14:14:12.954Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}