Lucene search

[email protected]CVE-2007-1581

HistoryMar 21, 2007 - 11:19 p.m.

CVE-2007-1581

2007-03-2123:19:00

CWE-94

[email protected]

web.nvd.nist.gov

119

php

resource system

arbitrary code execution

vulnerability

nvd

cve-2007-1581

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.5%

JSON

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.

Affected configurations

NVD

Node

phpphpMatch5.0rc1

phpphpMatch5.0rc2

phpphpMatch5.0rc3

phpphpMatch5.0.0

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

CPENameOperatorVersion
php:phpphpeq5.0
php:phpphpeq5.0.0
php:phpphpeq5.0.1
php:phpphpeq5.0.2
php:phpphpeq5.0.3
php:phpphpeq5.0.4
php:phpphpeq5.0.5
php:phpphpeq5.1.0
php:phpphpeq5.1.1
php:phpphpeq5.1.2

CPE	Name	Operator	Version
php:php	php	eq	5.0
php:php	php	eq	5.0.0
php:php	php	eq	5.0.1
php:php	php	eq	5.0.2
php:php	php	eq	5.0.3
php:php	php	eq	5.0.4
php:php	php	eq	5.0.5
php:php	php	eq	5.1.0
php:php	php	eq	5.1.1
php:php	php	eq	5.1.2