Lucene search

K

[email protected]NVD:CVE-2007-1885

HistoryApr 06, 2007 - 1:19 a.m.

CVE-2007-1885

2007-04-0601:19:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.

Affected configurations

NVD

Node

phpphpMatch4.0.0

OR

phpphpMatch4.0.1

OR

phpphpMatch4.0.1patch1

OR

phpphpMatch4.0.1patch2

OR

phpphpMatch4.0.2

OR

phpphpMatch4.0.3

OR

phpphpMatch4.0.3patch1

OR

phpphpMatch4.0.4

OR

phpphpMatch4.0.4patch1

OR

phpphpMatch4.0.5

OR

phpphpMatch4.0.6

OR

phpphpMatch4.0.7

OR

phpphpMatch4.0.7rc1

OR

phpphpMatch4.0.7rc2

OR

phpphpMatch4.0.7rc3

OR

phpphpMatch4.1.0

OR

phpphpMatch4.1.1

OR

phpphpMatch4.1.2

OR

phpphpMatch4.2dev

OR

phpphpMatch4.2.0

OR

phpphpMatch4.2.1

OR

phpphpMatch4.2.2

OR

phpphpMatch4.2.3

OR

phpphpMatch4.3.0

OR

phpphpMatch4.3.1

OR

phpphpMatch4.3.2

OR

phpphpMatch4.3.3

OR

phpphpMatch4.3.4

OR

phpphpMatch4.3.5

OR

phpphpMatch4.3.6

OR

phpphpMatch4.3.7

OR

phpphpMatch4.3.8

OR

phpphpMatch4.3.9

OR

phpphpMatch4.3.10

OR

phpphpMatch4.3.11

OR

phpphpMatch4.4.0

OR

phpphpMatch4.4.1

OR

phpphpMatch4.4.2

OR

phpphpMatch4.4.3

OR

phpphpMatch4.4.4

OR

phpphpMatch4.4.5

OR

phpphpMatch4.4.6

OR

phpphpMatch5.0rc1

OR

phpphpMatch5.0rc2

OR

phpphpMatch5.0rc3

OR

phpphpMatch5.0.0

OR

phpphpMatch5.0.0beta1

OR

phpphpMatch5.0.0beta2

OR

phpphpMatch5.0.0beta3

OR

phpphpMatch5.0.0beta4

OR

phpphpMatch5.0.0rc1

OR

phpphpMatch5.0.0rc2

OR

phpphpMatch5.0.0rc3

OR

phpphpMatch5.0.1

OR

phpphpMatch5.0.2

OR

phpphpMatch5.0.3

OR

phpphpMatch5.0.4

OR

phpphpMatch5.0.5

OR

phpphpMatch5.1.0

OR

phpphpMatch5.1.1

OR

phpphpMatch5.1.2

OR

phpphpMatch5.1.3

OR

phpphpMatch5.1.4

OR

phpphpMatch5.1.5

OR

phpphpMatch5.1.6

OR

phpphpMatch5.2.0

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137

secunia.com/advisories/25423

secunia.com/advisories/25850

www.php-security.org/MOPB/MOPB-39-2007.html

www.php.net/releases/5_2_1.php

www.securityfocus.com/bid/23233

www.vupen.com/english/advisories/2007/1991

www.vupen.com/english/advisories/2007/2374

exchange.xforce.ibmcloud.com/vulnerabilities/33767

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

Related for NVD:CVE-2007-1885

prion3 cve3 cvelist3 ubuntucve3 redhatcve3 nvd2 veracode1 openvas32 securityvulns2 nessus21 fedora4 osv1 slackware1 ubuntu2 freebsd1 debian1 redhat4 centos2 oraclelinux2 suse2 gentoo1