New Search

HP-UX Running Apache Remote Execution of Arbitrary Code

oval:org.mitre.oval:def:6056

The (1) session_save_path (2) ini_set and (3) error_log functions in PHP 4.4.7 and earlier and PHP 5 5.2.3 and earlier when invoked from a .htaccess file allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands as demonstrated using (a) php_value (b) php_flag and (c) directives in .htaccess.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • HP-UX 11
Class:
vulnerability
Reference(s):
  • CVE-2007-3378
Product(s):