CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-09 00:29

Updated : 2024-02-04 20:20


NVD link : CVE-2019-9637

Mitre link : CVE-2019-9637

CVE.ORG link : CVE-2019-9637


JSON object : View

Products Affected

debian

  • debian_linux

netapp

  • storage_automation_store

canonical

  • ubuntu_linux

php

  • php

opensuse

  • leap
CWE
CWE-264

Permissions, Privileges, and Access Controls