CVE-2003-0536
CVSS3.6
发布时间 :2003-08-18 00:00:00
修订时间 :2016-10-17 22:35:07
NMCOE    

[原文]Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.


[CNNVD]PHPsysInfo多个输入确认漏洞(CNNVD-200308-082)

        phpSysInfo 2.1版本及之前版本存在目录遍历漏洞。带有本地目录写使用权的攻击者可以借助(1)模板或(2)lng参数中的..(点 点)序列像PHP用户读取任意文件或者导致服务拒绝。

- CVSS (基础分值)

CVSS分值: 3.6 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:phpsysinfo:phpsysinfo:2.1
cpe:/a:phpsysinfo:phpsysinfo:2.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0536
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0536
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-082
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=105128606513226&w=2
(UNKNOWN)  BUGTRAQ  20030425 Unauthorized reading files on phpSysInfo
http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015
(UNKNOWN)  MISC  http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015
http://www.debian.org/security/2003/dsa-346
(VENDOR_ADVISORY)  DEBIAN  DSA-346

- 漏洞信息

PHPsysInfo多个输入确认漏洞
低危 路径遍历
2003-08-18 00:00:00 2005-10-20 00:00:00
远程  
        phpSysInfo 2.1版本及之前版本存在目录遍历漏洞。带有本地目录写使用权的攻击者可以借助(1)模板或(2)lng参数中的..(点 点)序列像PHP用户读取任意文件或者导致服务拒绝。

- 公告与补丁

        
        These vulnerabilities have been fixed in the 2.4.1 release of phpSysinfo. Please see the referenced advisories for further information.
        eGroupWare eGroupWare 1.0 .0.007
        

- 漏洞信息 (22459)

PHPSysInfo 2.0/2.1 Index.PHP LNG File Disclosure Vulnerability (EDBID:22459)
php webapps
2003-04-04 Verified
0 Albert Puigsech Galicia
N/A [点击下载]
source: http://www.securityfocus.com/bid/7286/info

PHPSysInfo has been reported to be vulnerable to a file disclosure issue.

Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious language file is symlinked to a web server readable file, the contents of the linked file may be disclosed to the attacker. The file may also contain PHP code which may be executed in the context of the web server hosting the vulnerable application.

This attack may lead to confidential or sensitive information disclosure, which could be used to launch other attacks.

~$ ln -s /etc/passwd /tmp/p.php
http://www.example.com/index.php?lng=../../../../tmp/p


~$ echo "<?php phpinfo() ?>" > /tmp/p.php
http://www.example.com/index.php?lng=../../../../tmp/p 		

- 漏洞信息

8928
phpSysInfo Multiple Parameter Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality Upgrade
Vendor Verified

- 漏洞描述

- 时间线

2003-01-18 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站