suse · CVE-2017-5630

Quick triage

Priority: low Published: 2021-05-30 13:52:54 UTC Updated: 2025-10-05 02:25:20 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-5630 severity low: SUSE including 52 source package names (apache2-mod_php7, php7, …), 459 product×package rows across 11 product lines (SUSE Enterprise Storage 7, SUSE Enterprise Storage 7.1, … (11 product lines)): Will Not Fix 459.

Description:

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.

cvelogic Threat Intelligence