CVE-2004-0490 - Vulnerability Details - OpenCVE

cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cpanel	Cpanel

Configuration 1 [-]

OR	cpe:2.3:a:cpanel:cpanel:5.0:::::::*
	cpe:2.3:a:cpanel:cpanel:5.3:::::::*
	cpe:2.3:a:cpanel:cpanel:6.0:::::::*
	cpe:2.3:a:cpanel:cpanel:6.2:::::::*
	cpe:2.3:a:cpanel:cpanel:6.4:::::::*
	cpe:2.3:a:cpanel:cpanel:6.4.1:::::::*
	cpe:2.3:a:cpanel:cpanel:6.4.2:::::::*
	cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:::::::*
	cpe:2.3:a:cpanel:cpanel:7.0:::::::*
	cpe:2.3:a:cpanel:cpanel:8.0:::::::*
	cpe:2.3:a:cpanel:cpanel:9.0:::::::*
	cpe:2.3:a:cpanel:cpanel:9.1:::::::*
	cpe:2.3:a:cpanel:cpanel:9.1.0_r85:::::::*

No data.

References

Link	Providers
http://bugzilla.cpanel.net/show_bug.cgi?id=283
http://bugzilla.cpanel.net/show_bug.cgi?id=664
http://www.a-squad.com/audit/explain10.html
http://www.securiteam.com/tools/5TP0N15CUA.html
http://www.securityfocus.com/archive/1/364112
http://www.securityfocus.com/bid/10407
https://exchange.xforce.ibmcloud.com/vulnerabilities/16239

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-06-03T04:00:00

Updated: 2024-08-08T00:17:14.986Z

Reserved: 2004-05-27T00:00:00

Link: CVE-2004-0490

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-08-18T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-0490

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10407", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10407"}, {"name": "cpanel-modphpsuexec-execute-commands(16239)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664"}, {"tags": ["x_refsource_MISC"], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283"}, {"name": "20040524 cPanel mod_phpsuexec Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/364112"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.a-squad.com/audit/explain10.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0490", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10407", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10407"}, {"name": "cpanel-modphpsuexec-execute-commands(16239)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239"}, {"name": "http://bugzilla.cpanel.net/show_bug.cgi?id=664", "refsource": "CONFIRM", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664"}, {"name": "http://bugzilla.cpanel.net/show_bug.cgi?id=283", "refsource": "MISC", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283"}, {"name": "20040524 cPanel mod_phpsuexec Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/364112"}, {"name": "http://www.securiteam.com/tools/5TP0N15CUA.html", "refsource": "MISC", "url": "http://www.securiteam.com/tools/5TP0N15CUA.html"}, {"name": "http://www.a-squad.com/audit/explain10.html", "refsource": "MISC", "url": "http://www.a-squad.com/audit/explain10.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:17:14.986Z"}, "title": "CVE Program Container", "references": [{"name": "10407", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10407"}, {"name": "cpanel-modphpsuexec-execute-commands(16239)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283"}, {"name": "20040524 cPanel mod_phpsuexec Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/364112"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.a-squad.com/audit/explain10.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0490", "datePublished": "2004-06-03T04:00:00", "dateReserved": "2004-05-27T00:00:00", "dateUpdated": "2024-08-08T00:17:14.986Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cpanel:cpanel:9.1.0_r85:*:*:*:*:*:*:*", "matchCriteriaId": "4D9DDCBE-8A9C-44FC-8A24-47933CE057F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529."}, {"lang": "es", "value": "cPanel, cuando se compila Apache 1.3.29 y PHP con la opci\u00f3n mod_phpsuexec, no establece la opci\u00f3n --enable-discard-path, lo que hace que php use la variable SCRIPT_FILENAME para ejecutar un script en lugar de la variable PATH_TRANSLATED, lo que permite a usuarios locales ejecutar c\u00f3digo PHP de su elecci\u00f3n como otros usuarios mediante una URL que referencia al script del atacante con los privilegios del usuario, una vulnerabilidad distinta de CAN-2004-0529."}], "id": "CVE-2004-0490", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283"}, {"source": "cve@mitre.org", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664"}, {"source": "cve@mitre.org", "url": "http://www.a-squad.com/audit/explain10.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/364112"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10407"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.a-squad.com/audit/explain10.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/364112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}