CVE-2011-0754 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2011-0754

Deferred

More Info Official Page

Source-cve@mitre.org

Published At-02 Feb, 2011 | 22:00

Updated At-11 Apr, 2025 | 00:51

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

>>php>>Versions up to 5.3.3(inclusive)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

>>php>>1.0

cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*

>>php>>2.0

cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*

>>php>>2.0b10

cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*

>>php>>3.0

cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

>>php>>3.0.1

cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

>>php>>3.0.2

cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

>>php>>3.0.3

cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

>>php>>3.0.4

cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

>>php>>3.0.5

cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

>>php>>3.0.6

cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

>>php>>3.0.7

cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

>>php>>3.0.8

cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

>>php>>3.0.9

cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

>>php>>3.0.10

cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

>>php>>3.0.11

cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

>>php>>3.0.12

cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

>>php>>3.0.13

cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

>>php>>3.0.14

cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

>>php>>3.0.15

cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

>>php>>3.0.16

cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

>>php>>3.0.17

cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

>>php>>3.0.18

cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

>>php>>4.0

cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*

>>php>>4.0

cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

>>php>>4.0

cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

>>php>>4.0

cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

>>php>>4.0

cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

>>php>>4.0

cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

>>php>>4.0.0

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

>>php>>4.0.1

cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

>>php>>4.0.2

cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

>>php>>4.0.3

cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

>>php>>4.0.4

cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

>>php>>4.0.5

cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

>>php>>4.0.6

cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

>>php>>4.0.7

cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

>>php>>4.1.0

cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

>>php>>4.1.1

cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

>>php>>4.1.2

cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

>>php>>4.2.0

cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

>>php>>4.2.1

cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

>>php>>4.2.2

cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

>>php>>4.2.3

cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

>>php>>4.3.0

cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

>>php>>4.3.1

cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

>>php>>4.3.2

cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

>>php>>4.3.3

cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

>>php>>4.3.4

cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

>>php>>4.3.5

cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://bugs.php.net/51763	cve@mitre.org	N/A
http://www.php.net/ChangeLog-5.php	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/65429	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334	cve@mitre.org	N/A
http://bugs.php.net/51763	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.php.net/ChangeLog-5.php	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/65429	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12334	af854a3a-2127-422b-91ae-364da2661108	N/A