Lucene search

[email protected]CVE-2007-5899

HistoryNov 20, 2007 - 7:46 p.m.

CVE-2007-5899

2007-11-2019:46:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2007-5899

php

information security

vulnerability

remote exploitation

nvd

5.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.4%

JSON

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

CPENameOperatorVersion
php:phpphple5.2.4

CPE	Name	Operator	Version
php:php	php	le	5.2.4

References

bugs.php.net/bug.php?id=42869

osvdb.org/38918

secunia.com/advisories/27659

secunia.com/advisories/27864

secunia.com/advisories/28249

secunia.com/advisories/30040

secunia.com/advisories/30828

secunia.com/advisories/31119

secunia.com/advisories/31124

secunia.com/advisories/31200

wiki.rpath.com/wiki/Advisories:rPSA-2007-0242

www.debian.org/security/2008/dsa-1444

www.mandriva.com/security/advisories?name=MDVSA-2008:125

www.mandriva.com/security/advisories?name=MDVSA-2008:126

www.mandriva.com/security/advisories?name=MDVSA-2008:127

www.php.net/ChangeLog-5.php#5.2.5

www.php.net/releases/5_2_5.php

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0544.html

www.redhat.com/support/errata/RHSA-2008-0545.html

www.redhat.com/support/errata/RHSA-2008-0546.html

www.redhat.com/support/errata/RHSA-2008-0582.html

www.securityfocus.com/archive/1/491693/100/0/threaded

www.ubuntu.com/usn/usn-549-2

www.ubuntu.com/usn/usn-628-1

issues.rpath.com/browse/RPL-1943

launchpad.net/bugs/173043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11211

usn.ubuntu.com/549-1/

www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html

5.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2007-5899

veracode1 ubuntucve1 prion1 openvas35 fedora3 nessus18 securityvulns3 redhat5 centos3 oraclelinux2 osv1 debian2 ubuntu3