CVE-2006-4483

Publication date 31 August 2006

Last updated 17 July 2025

Ubuntu priority

Description

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	7.04 feisty	Fixed 5.2.1-0ubuntu1.4
	6.10 edgy	Fixed 5.1.6-1ubuntu2.6
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.9

How can I get the fixes?
What do statuses mean?

Notes

kees

safe-mode bypass is not supported

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2006-4483