Description
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
Products
- PHP 4.0.4pl1
- PHP PHP 4.0.5
- PHP 4.0.5 -
- PHP 4.0.5 Release Candidate 1
- PHP 4.0.5 Release Candidate 2
- PHP 4.0.5 Release Candidate 3
- PHP 4.0.5 Release Candidate 4
- PHP 4.0.5 Release Candidate 5
- PHP 4.0.5 Release Candidate 6
- PHP 4.0.5 Release Candidate 7
- PHP 4.0.5 Release Candidate 8
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-1247, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-1247 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References