Security restrictions bypass in PHP - CVE-2015-4598
Published: November 27, 2018
Vulnerability identifier: #VU16118
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-4598
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences. A remote attacker can read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename.html attack that bypasses an intended configuration in which client users may write to only .html files.
The weakness exists due to PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences. A remote attacker can read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename.html attack that bypasses an intended configuration in which client users may write to only .html files.
How to mitigate CVE-2015-4598
Install update from vendor's website.