Back to bug 1009103
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Michael S. | 2013-09-17 17:08:04 UTC | Keywords | Security | |
| | | CC | security-response-team | |
| Red Hat Bugzilla | 2013-09-17 17:08:04 UTC | Doc Type | --- | Bug Fix |
| Vincent Danen | 2013-09-18 04:09:15 UTC | CC | vdanen | |
| Huzaifa S. Sidhpurwala | 2013-09-18 10:30:28 UTC | CC | jorton | |
| Michael S. | 2013-09-18 11:17:44 UTC | CC | rcollet | |
| Vincent Danen | 2013-09-25 19:58:58 UTC | Component | php | vulnerability |
| | | Version | 6.4 | unspecified |
| | | Assignee | webstack-team | security-response-team |
| | | Product | Red Hat Enterprise Linux 6 | Security Response |
| | | Target Milestone | rc | --- |
| | | QA Contact | qe-baseos-apps | |
| Vincent Danen | 2013-09-25 20:02:06 UTC | Whiteboard | impact=moderate,public=None,reported=None,source=None,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected | |
| Vincent Danen | 2013-09-25 20:02:19 UTC | CC | jkurik | |
| Vincent Danen | 2013-09-25 20:02:24 UTC | Whiteboard | impact=moderate,public=None,reported=None,source=None,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected | impact=moderate,public=no,reported=None,source=None,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected |
| Vincent Danen | 2013-09-25 20:02:30 UTC | Whiteboard | impact=moderate,public=no,reported=None,source=None,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected | impact=moderate,public=no,reported=20130917,source=None,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected |
| Vincent Danen | 2013-09-25 20:02:36 UTC | Whiteboard | impact=moderate,public=no,reported=20130917,source=None,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected |
| Vincent Danen | 2013-09-25 20:19:25 UTC | Priority | unspecified | low |
| | | Summary | predictible filename used for cache in world writable directory | php: predictible filename used for cache in world writable directory |
| | | Whiteboard | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected | impact=low,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected |
| | | Severity | unspecified | low |
| Vincent Danen | 2013-09-25 20:19:55 UTC | Priority | low | medium |
| | | Whiteboard | impact=low,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected |
| | | Severity | low | medium |
| Vincent Danen | 2013-09-25 20:37:53 UTC | Whiteboard | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected,rhel-5/php=affected,rhel-5/php53=affected,rhel-7/php=affected,rhscl-1/php=affected,openshift-1/php=affected,openshift-enterprise-1/php=affected |
| Vincent Danen | 2013-09-25 20:38:21 UTC | CC | bgollahe, bleanhar, ccoleman, dmcphers, drieden, jdetiber, jialiu, lmeyer, mmaslano, pfrields, tdawson, tkramer | |
| Vincent Danen | 2013-09-25 20:44:10 UTC | Blocks | 1012158 | |
| Tomas Hoger | 2014-04-10 21:21:50 UTC | Whiteboard | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-6/php=affected,rhel-5/php=affected,rhel-5/php53=affected,rhel-7/php=affected,rhscl-1/php=affected,openshift-1/php=affected,openshift-enterprise-1/php=affected | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=affected,openshift-enterprise-1/php=new,openshift-enterprise-2/php=new |
| Tomas Hoger | 2014-04-10 21:22:20 UTC | CC | briang, jkeck, kseifried | |
| John Skeoch | 2014-06-18 07:58:21 UTC | CC | tkramer | mmcgrath |
| Kurt Seifried | 2014-10-28 23:21:28 UTC | Whiteboard | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=affected,openshift-enterprise-1/php=new,openshift-enterprise-2/php=new | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=affected,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=new |
| Kurt Seifried | 2014-10-30 05:41:49 UTC | Whiteboard | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=affected,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=new | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Kurt Seifried | 2015-02-05 04:47:36 UTC | CC | huzaifas | |
| | | Flags | needinfo?(huzaifas) | |
| Kurt Seifried | 2015-02-08 22:14:38 UTC | Alias | CVE-2013-6501 | |
| Kurt Seifried | 2015-02-08 22:14:40 UTC | Summary | php: predictible filename used for cache in world writable directory | CVE-2013-6501 php: predictible filename used for cache in world writable directory |
| Kurt Seifried | 2015-02-08 22:17:25 UTC | Whiteboard | impact=moderate,public=no,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix | impact=moderate,public=20150208,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Kurt Seifried | 2015-02-08 22:17:37 UTC | Group | security | |
| Kurt Seifried | 2015-02-08 22:19:43 UTC | Flags | needinfo?(huzaifas) | |
| Salvatore Bonaccorso | 2015-03-09 13:00:31 UTC | CC | carnil | |
| Francisco Alonso | 2015-03-17 09:22:08 UTC | Whiteboard | impact=moderate,public=20150208,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix | impact=moderate,public=20150208,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Francisco Alonso | 2015-03-17 09:22:35 UTC | CC | joelsmith, jokerman, mmccomas, webstack-team | |
| Francisco Alonso | 2015-03-17 09:25:57 UTC | Whiteboard | impact=moderate,public=20150208,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix | impact=moderate,public=20150208,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Francisco Alonso | 2015-03-17 09:35:52 UTC | CC | falonso | |
| | | Doc Text | It was found that the php WSDL extension is reading predictible filename from a cache directory. In a shared environment an attacker could use this flaw to perform a cache injection using a specially crafted tmp file. | |
| Francisco Alonso | 2015-03-17 09:38:01 UTC | Whiteboard | impact=moderate,public=20150208,reported=20130917,source=bugzilla,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix | impact=moderate,public=20150208,reported=20130917,source=redhat,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Martin Prpič | 2015-03-18 08:50:44 UTC | Summary | CVE-2013-6501 php: predictible filename used for cache in world writable directory | CVE-2013-6501 php: predictable file name used for cache in world writeable directory |
| Martin Prpič | 2015-03-18 08:57:38 UTC | Doc Text | It was found that the php WSDL extension is reading predictible filename from a cache directory. In a shared environment an attacker could use this flaw to perform a cache injection using a specially crafted tmp file. | It was found that the PHP WSDL extension used a file with a predictable name in a world readable directory as a cache. A remote attacker could use this flaw to poison the cache using a specially crafted temporary file. |
| Francisco Alonso | 2015-04-01 09:14:18 UTC | Doc Text | It was found that the PHP WSDL extension used a file with a predictable name in a world readable directory as a cache. A remote attacker could use this flaw to poison the cache using a specially crafted temporary file. | It was found that the PHP WSDL extension used a file with a predictable name in a world readable directory as a cache. A local attacker could use this flaw to poison the cache using a specially crafted temporary file. |
| | | Whiteboard | impact=moderate,public=20150208,reported=20130917,source=redhat,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix | impact=low,public=20150208,reported=20130917,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Francisco Alonso | 2015-04-01 09:21:41 UTC | Whiteboard | impact=low,public=20150208,reported=20130917,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=affected,rhscl-2/rh-php56-php=affected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix | impact=low,public=20150208,reported=20130917,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=notaffected,rhscl-2/rh-php56-php=notaffected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Florian Weimer | 2015-04-14 10:07:09 UTC | Whiteboard | impact=low,public=20150208,reported=20130917,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=affected,rhel-5/php53=affected,rhel-6/php=affected,rhel-7/php=affected,rhscl-1/php54-php=affected,rhscl-1/php55-php=notaffected,rhscl-2/rh-php56-php=notaffected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix | impact=low,public=20150208,reported=20130917,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=wontfix,rhel-5/php53=wontfix,rhel-6/php=wontfix,rhel-7/php=wontfix,rhscl-1/php54-php=wontfix,rhscl-1/php55-php=notaffected,rhscl-2/rh-php56-php=notaffected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |
| Florian Weimer | 2015-04-14 10:07:17 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | WONTFIX |
| | | Last Closed | 2015-04-14 06:07:17 UTC | |
| Ján Rusnačko | 2015-08-19 08:19:02 UTC | Severity | medium | low |
| Ján Rusnačko | 2015-08-19 08:19:04 UTC | Priority | medium | low |
| Product Security DevOps Team | 2019-09-29 13:08:22 UTC | Whiteboard | impact=low,public=20150208,reported=20130917,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-377,rhel-5/php=wontfix,rhel-5/php53=wontfix,rhel-6/php=wontfix,rhel-7/php=wontfix,rhscl-1/php54-php=wontfix,rhscl-1/php55-php=notaffected,rhscl-2/rh-php56-php=notaffected,openshift-1/php=wontfix,openshift-enterprise-1/php=wontfix,openshift-enterprise-2/php=wontfix |