Vulnerability Details: CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
Products affected by CVE-2008-0145
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Threat overview for CVE-2008-0145
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2008-0145: 5,805
- Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-0145
- 1.10%: Probability of exploitation activity in the next 30 days
- ~85%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0145
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2008-0145
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-0145
- Red Hat, 2008-01-10: Red Hat does not consider this to be a security issue. The regression introduced breaks glob() functionality, but does not bypass security restrictions. Furthermore, "open_basedir" bypass issues are not treated as security sensitive, as described at https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
References for CVE-2008-0145
- http://bugs.php.net/bug.php?id=41655 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39401
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 (The Slackware Linux Project: Slackware Security Advisories)
- http://www.vupen.com/english/advisories/2008/0059
- http://www.php.net/ChangeLog-4.php (PHP: PHP 4 ChangeLog)
- http://www.php.net/releases/4_4_8.php (PHP: PHP 4.4.8 Release Announcement)