CVE-2010-1130
published 2010-03-26CVE-2010-1130: session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the…
PriorityP335medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
9.37%
94.8th percentile
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.2.12 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2010-09-20·CVSS 5.0
CVE-2010-0397 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc
requests. An attacker could exploit this issue to cause the PHP server to
crash, resulting in a denial of service. This issue only affected Ubuntu
6.06 LTS, 8.04 LTS, 9.04 and 9.10. (CVE-2010-0397)
It was discovered that the pseudorandom number generator in PHP did not
provide the expected entropy. An attacker could exploit this issue to
predict values that were intended to be random, such as session cookies.
This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10.
(CVE-2010-1128)
It was discovered that PHP did not properly handle directory pathnames that
lacked a trailing slash character. An attacker could exploit this issue to
bypass safe_mode restrictions. This issue only affe
Red Hat
php: safe_mode / open_basedir security fixes in 5.2.13/5.3.2
vendor_redhat·2010-02-25·CVSS 5.0
CVE-2010-1130 [MEDIUM] php: safe_mode / open_basedir security fixes in 5.2.13/5.3.2
php: safe_mode / open_basedir security fixes in 5.2.13/5.3.2
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
Statement: We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
GHSA
GHSA-8fx5-jfgh-rj5g: session
ghsa_unreviewed·2022-05-02
CVE-2010-1130 [MEDIUM] GHSA-8fx5-jfgh-rj5g: session
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
No detection rules found.
http://secunia.com/advisories/38708http://securityreason.com/achievement_securityalert/82http://securityreason.com/securityalert/7008http://securitytracker.com/id?1023661http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?view=loghttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=293036&r2=294272http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?view=loghttp://www.php.net/ChangeLog-5.phphttp://www.php.net/releases/5_2_13.phphttp://www.vupen.com/english/advisories/2010/0479http://secunia.com/advisories/38708http://securityreason.com/achievement_securityalert/82http://securityreason.com/securityalert/7008http://securitytracker.com/id?1023661http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?r1=293036&r2=294272http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/session/session.c?view=loghttp://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?r1=293036&r2=294272http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/session/session.c?view=loghttp://www.php.net/ChangeLog-5.phphttp://www.php.net/releases/5_2_13.phphttp://www.vupen.com/english/advisories/2010/0479
2010-03-26
Published