Lucene search

[email protected]CVE-2007-1399

HistoryMar 10, 2007 - 10:19 p.m.

CVE-2007-1399

2007-03-1022:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

buffer overflow

zip

pecl

php

remote code execution

security vulnerability

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.827 High

EPSS

Percentile

98.4%

JSON

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

CPENameOperatorVersion
pecl_zip:1.8.3pecl zip 1.8.3eq*
php:phpphpeq5.2.0
php:phpphpeq5.2.1

CPE	Name	Operator	Version
pecl_zip:1.8.3	pecl zip 1.8.3	eq	*
php:php	php	eq	5.2.0
php:php	php	eq	5.2.1

References

lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html

secunia.com/advisories/24471

secunia.com/advisories/24514

secunia.com/advisories/25938

www.debian.org/security/2007/dsa-1330

www.osvdb.org/32782

www.php-security.org/MOPB/MOPB-16-2007.html

www.securityfocus.com/bid/22883

www.vupen.com/english/advisories/2007/0898

exchange.xforce.ibmcloud.com/vulnerabilities/32889

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.827 High

EPSS

Percentile

98.4%

JSON

Related for CVE-2007-1399

prion1 ubuntucve1 redhatcve1 openvas5 osv1 securityvulns1 nessus3 debian1 suse1