What is the severity of CVE-2004-1063?

CVE-2004-1063 is considered to have a moderate severity due to the potential for local users to execute commands outside designated directories.

How do I fix CVE-2004-1063?

To fix CVE-2004-1063, users should upgrade to a patched version of PHP that is beyond 4.3.9 or 5.0.2.

Who is affected by CVE-2004-1063?

CVE-2004-1063 affects PHP versions 4.x up to 4.3.9 and 5.x up to 5.0.2 when running in safe mode.

What systems are vulnerable to CVE-2004-1063?

Vulnerable systems include multithreaded Unix web servers running specific versions of PHP under safe mode.

What mitigations exist for CVE-2004-1063?

Mitigations for CVE-2004-1063 include disabling safe mode or applying the latest security patches for affected PHP versions.

Vulnerability/
CVE-2004-1063

critical

CWE

8/12/2004

10/1/2005

8/8/2024

CVE-2004-1063

First published: Wed Dec 08 2004(Updated: )

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PHP	>=5.0.0<=5.0.2
PHP	>=4.0.0<=4.3.9
Ubuntu	=4.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-1063?
CVE-2004-1063 is considered to have a moderate severity due to the potential for local users to execute commands outside designated directories.
How do I fix CVE-2004-1063?
To fix CVE-2004-1063, users should upgrade to a patched version of PHP that is beyond 4.3.9 or 5.0.2.
Who is affected by CVE-2004-1063?
CVE-2004-1063 affects PHP versions 4.x up to 4.3.9 and 5.x up to 5.0.2 when running in safe mode.
What systems are vulnerable to CVE-2004-1063?
Vulnerable systems include multithreaded Unix web servers running specific versions of PHP under safe mode.
What mitigations exist for CVE-2004-1063?
Mitigations for CVE-2004-1063 include disabling safe mode or applying the latest security patches for affected PHP versions.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/status
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/php
canonical/php
version/php/5.0.0
version/php/5.0.2
version/php/4.0.0
version/php/4.3.9
vendor/canonical
canonical/ubuntu
version/ubuntu/4.10
status/rejected

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.