CVE-2007-3378 : The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlie

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

Published 2007-06-29 18:30:00

Updated 2020-09-18 19:15:13

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2007-3378

Top countries where our scanners detected CVE-2007-3378

Top open port discovered on systems with this issue 80

IPs affected by CVE-2007-3378 23,120

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2007-3378!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2007-3378

Probability of exploitation activity in the next 30 days: 0.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-3378

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-3378

CWE-264

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2007-3378

Red Hat 2007-07-05

We do not consider this to be security issues. For more details see: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

References for CVE-2007-3378

http://www.vupen.com/english/advisories/2008/0398

Permissions Required;Third Party Advisory

CVEs referencing this url
http://securityreason.com/securityalert/2831

Exploit;Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39403

Third Party Advisory;VDB Entry
http://www.php.net/ChangeLog-5.php#5.2.4

PHP: PHP 5 ChangeLog
Patch;Vendor Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2020/09/17/3
http://www.php.net/releases/5_2_5.php

Patch;Vendor Advisory

CVEs referencing this url
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136

The Slackware Linux Project: Slackware Security Advisories
Mailing List;Third Party Advisory

CVEs referencing this url
https://issues.rpath.com/browse/RPL-1702

Broken Link

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0059

Permissions Required;Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/35102

Third Party Advisory;VDB Entry
http://www.trustix.org/errata/2007/0026/

Trustix | Empowering Trust and Security in the Digital Age
Broken Link

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/3023

Permissions Required;Third Party Advisory

CVEs referencing this url
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501

Broken Link

CVEs referencing this url
http://www.php.net/ChangeLog-4.php

PHP: PHP 4 ChangeLog
Patch;Vendor Advisory

CVEs referencing this url
http://www.php.net/ChangeLog-5.php#5.2.5

Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/491693/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://docs.info.apple.com/article.html?artnum=307562

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/24661

Patch;Third Party Advisory;VDB Entry
http://securityreason.com/achievement_securityalert/45

Exploit;Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

Third Party Advisory

CVEs referencing this url
http://www.php.net/releases/5_2_4.php

PHP: PHP 5.2.4 Release Announcement
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/25498

Patch;Third Party Advisory;VDB Entry

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6056

Third Party Advisory
http://www.php.net/releases/4_4_8.php

PHP: PHP 4.4.8 Release Announcement
Patch;Vendor Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2020/Sep/34

Full Disclosure: Apache + PHP <= 7.4.10 open_basedir bypass
https://issues.rpath.com/browse/RPL-1693

Broken Link

CVEs referencing this url
http://www.securityfocus.com/archive/1/472343/100/0/threaded

Third Party Advisory;VDB Entry
http://securityreason.com/achievement_exploitalert/9

Third Party Advisory
http://securityreason.com/securityalert/3389

Exploit;Third Party Advisory
http://www.vupen.com/english/advisories/2008/0924/references

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Permissions Required;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2007-3378

PHP » PHP
Versions from including (>=) 5.0.0 and up to, including, (<=) 5.2.3
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions
PHP » PHP
Versions from including (>=) 4.0.0 and up to, including, (<=) 4.4.7
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions