Lucene search

K

[email protected]NVD:CVE-2007-1287

HistoryMar 06, 2007 - 8:19 p.m.

CVE-2007-1287

2007-03-0620:19:00

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.826 High

EPSS

Percentile

98.4%

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

Affected configurations

NVD

Node

phpphpMatch4.4.4

OR

phpphpMatch4.4.5

OR

phpphpMatch4.4.6

OR

phpphpMatch6.0

References

docs.info.apple.com/article.html?artnum=306172

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

secunia.com/advisories/26235

us2.php.net/releases/4_4_7.php

www.osvdb.org/32774

www.php-security.org/MOPB/MOPB-08-2007.html

www.securityfocus.com/bid/25159

www.vupen.com/english/advisories/2007/2732

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.826 High

EPSS

Percentile

98.4%

Related for NVD:CVE-2007-1287

cvelist2 securityvulns2 redhatcve1 ubuntucve2 prion1 cve2 nessus11 openvas5 fedora1 nvd1 centos3 redhat2 gentoo1 ubuntu1 seebug1