CVE-2002-0253
CVSS5.0
发布时间 :2002-05-29 00:00:00
修订时间 :2016-10-17 22:17:40
NMCOS    

[原文]PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.


[CNNVD]PHP包含文件相对目录信息泄露漏洞(CNNVD-200205-067)

        
        PHP是使用广泛的脚本语言,主要用于WEB开发和CGI编程。
        当使用Apache服务器时,一些默认配置的PHP版本存在路径泄漏的漏洞。
        如果PHP包含文件使用相对目录,可能引起包含引用失败。在PHP文件尾部添加斜杠'/',然后提交请求,将返回错误信息和包含文件的完整路径。
        'Require'引用一样存在这个问题。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:php:php:4.0.1PHP PHP 4.0.1
cpe:/a:php:php:4.1.0PHP PHP 4.1.0
cpe:/a:php:php:4.0.3PHP PHP 4.0.3
cpe:/a:php:php:4.1.2PHP PHP 4.1.2
cpe:/a:php:php:4.0
cpe:/a:php:php:4.0.1:patch2
cpe:/a:php:php:4.0.5PHP PHP 4.0.5
cpe:/a:php:php:4.0.4PHP PHP 4.0.4
cpe:/a:php:php:4.0.6PHP PHP 4.0.6

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0253
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0253
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-067
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101318944130790&w=2
(UNKNOWN)  BUGTRAQ  20020207 Advisory #3 - PHP & JSP
http://www.iss.net/security_center/static/8122.php
(UNKNOWN)  XF  php-slash-path-information(8122)
http://www.securityfocus.com/bid/4063
(UNKNOWN)  BID  4063

- 漏洞信息

PHP包含文件相对目录信息泄露漏洞
中危 配置错误
2002-05-29 00:00:00 2005-10-20 00:00:00
远程  
        
        PHP是使用广泛的脚本语言,主要用于WEB开发和CGI编程。
        当使用Apache服务器时,一些默认配置的PHP版本存在路径泄漏的漏洞。
        如果PHP包含文件使用相对目录,可能引起包含引用失败。在PHP文件尾部添加斜杠'/',然后提交请求,将返回错误信息和包含文件的完整路径。
        'Require'引用一样存在这个问题。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 修改php.ini文件,设置:
         display_errors = Off
        
         使脚本的错误信息保存到日志文件,而不直接输出到浏览器。
        厂商补丁:
        PHP
        ---
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.php.net

- 漏洞信息

14337
PHP display_errors Malformed Request Path Disclosure
Information Disclosure, Input Manipulation
Loss of Confidentiality Solution Unknown

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-02-07 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PHP Include File Relative Directory Information Disclosure Vulnerability
Configuration Error 4063
Yes No
2002-02-08 12:00:00 2009-07-11 10:56:00
Discovered by Paul Brereton <brereton_paul@btopenworld.com>.

- 受影响的程序版本

PHP PHP 4.1.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.0.4
+ Apple Mac OS X 10.0.3
+ Apple Mac OS X 10.0.2
+ Apple Mac OS X 10.0.1
+ Apple Mac OS X 10.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
PHP PHP 4.1 .0
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
PHP PHP 4.0.6
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ HP Secure OS software for Linux 1.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 5.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ Sun Cobalt RaQ 550
+ Sun LX50
+ Trustix Secure Linux 1.5
PHP PHP 4.0.5
PHP PHP 4.0.4
+ Compaq Compaq Secure Web Server PHP 1.0
+ Conectiva Linux 6.0
+ Guardian Digital Engarde Secure Linux 1.0.1
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
PHP PHP 4.0.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
PHP PHP 4.0.1 pl2
PHP PHP 4.0.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
PHP PHP 4.0 0
Apache Software Foundation Apache 2.0.28 Beta

- 漏洞讨论

Apache is a powerful, widely used web server available for most operating systems, including Linux, Windows and many other Unix like systems. PHP is a widely deployed scripting language, designed for web based development and CGI programming.

A path disclosure vulnerability exists in the default configuration of some releases of PHP when used with the Apache web server. If PHP include files are references with a relative directory, it is possible to cause the include statement to fail. Submitting a request for a php file appended with a trailing slash '/', will return an error message and the full path to the include file directory.

'Require' statements may also be susceptible to this issue.

- 漏洞利用

No exploit code is required.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站