Description
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
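The following audit sketch is an added example, not part of the original advisory or of PHP's own code. It flags FPM pools whose UNIX socket would be open to every local user, using php-fpm's `listen` and `listen.mode` pool directives. It assumes that a pool without `listen.mode` gets the 0666 mode described above; the sample configuration and socket paths are constructed.

```python
import os
import stat

# Assumption: on affected builds a pool with no listen.mode gets 0666 (per the description).
AFFECTED_DEFAULT_MODE = 0o666
WORLD_RW = stat.S_IROTH | stat.S_IWOTH

def parse_pools(conf_text):
    """Return {pool_name: {directive: value}} from php-fpm pool config text."""
    pools, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = pools.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return pools

def audit_config(conf_text, default_mode=AFFECTED_DEFAULT_MODE):
    """List (pool, socket_path, mode) for UNIX sockets any local user could open."""
    findings = []
    for name, directives in parse_pools(conf_text).items():
        listen = directives.get("listen", "")
        if not listen.startswith("/"):  # TCP listeners are out of scope here
            continue
        mode = int(directives["listen.mode"], 8) if "listen.mode" in directives else default_mode
        if mode & WORLD_RW:
            findings.append((name, listen, oct(mode)))
    return findings

def socket_is_world_accessible(path):
    """Check a live socket: True if 'other' has read or write permission."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")
    return bool(st.st_mode & WORLD_RW)

# Constructed sample configuration (not taken from any real host).
SAMPLE_CONF = """
[www]
listen = /var/run/php-fpm-www.sock   ; no listen.mode, so the default applies
[api]
listen = /var/run/php-fpm-api.sock
listen.mode = 0660
[legacy]
listen = 127.0.0.1:9000
"""
if __name__ == "__main__":
    print(audit_config(SAMPLE_CONF))
```

`audit_config` reviews configuration before deployment, while `socket_is_world_accessible` checks the socket a running FPM instance actually created.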
Remediation
References