CVE-2002-0229

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.iss.net/security_center/static/8105.php	Vendor Advisory
http://www.securityfocus.com/bid/4026
http://marc.info/?l=bugtraq&m=101304702002321&w=2
http://marc.info/?l=ntbugtraq&m=101303065423534&w=2
http://marc.info/?l=ntbugtraq&m=101303819613337&w=2
http://marc.info/?l=ntbugtraq&m=101285016125377&w=2
http://marc.info/?l=bugtraq&m=101286577109716&w=2

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:3.0.13:::::::*
	cpe:2.3:a:php:php:3.0.16:::::::*
	cpe:2.3:a:php:php:3.0.8:::::::*
	cpe:2.3:a:php:php:3.0.9:::::::*
	cpe:2.3:a:php:php:4.1.0:::::::*
	cpe:2.3:a:php:php:4.1.2:::::::*
	cpe:2.3:a:php:php:3.0.1:::::::*
	cpe:2.3:a:php:php:3.0.10:::::::*
	cpe:2.3:a:php:php:3.0.4:::::::*
	cpe:2.3:a:php:php:3.0.5:::::::*
	cpe:2.3:a:php:php:4.0.3:::::::*
	cpe:2.3:a:php:php:3.0:::::::*
	cpe:2.3:a:php:php:3.0.11:::::::*
	cpe:2.3:a:php:php:3.0.2:::::::*
	cpe:2.3:a:php:php:4.0.4:::::::*
	cpe:2.3:a:php:php:4.0.5:::::::*
	cpe:2.3:a:php:php:3.0.7:::::::*
	cpe:2.3:a:php:php:3.0.6:::::::*
	cpe:2.3:a:php:php:4.0:::::::*
	cpe:2.3:a:php:php:4.0.1:patch2::::::
	cpe:2.3:a:php:php:4.0.6:::::::*
	cpe:2.3:a:php:php:4.0.1:::::::*
	cpe:2.3:a:php:php:3.0.12:::::::*
	cpe:2.3:a:php:php:3.0.3:::::::*

Information

Published : 2002-05-15 21:00

Updated : 2016-10-17 19:17

NVD link : CVE-2002-0229

Mitre link : CVE-2002-0229

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

php

php

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.iss.net/security_center/static/8105.php", "name": "php-mysql-safemode-bypass(8105)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/4026", "name": "4026", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=101304702002321&w=2", "name": "20020206 DW020203-PHP clarification", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=ntbugtraq&m=101303065423534&w=2", "name": "20020205 Re: PHP Safe Mode Filesystem Circumvention Problem", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "http://marc.info/?l=ntbugtraq&m=101303819613337&w=2", "name": "20020206 DW020203-PHP clarification", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "http://marc.info/?l=ntbugtraq&m=101285016125377&w=2", "name": "20020203 PHP Safe Mode Filesystem Circumvention Problem", "tags": [], "refsource": "NTBUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=101286577109716&w=2", "name": "20020203 PHP Safe Mode Filesystem Circumvention Problem", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using \"LOAD DATA INFILE LOCAL\" SQL statements."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0229", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-05-16T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T02:17Z"}