CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
91.1%
The PHP development team reports:
Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:
Fixed CVE-2007-1001, GD wbmp used with invalid image size
Fixed asciiz byte truncation inside mail()
Fixed a bug in mb_parse_str() that can be used to activate register_globals
Fixed unallocated memory access/double free in array_user_key_compare()
Fixed a double free inside session_regenerate_id()
Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
Limit nesting level of input variables with max_input_nesting_level as fix for.
Fixed CRLF injection inside ftp_putcmd().
Fixed a possible super-global overwrite inside import_request_variables().
Fixed a remotely triggerable buffer overflow inside bundled libxmlrpc library.
Security Enhancements and Fixes in PHP 5.2.2 only:
Fixed a header injection via Subject and To parameters to the mail() function
Fixed wrong length calculation in unserialize S type.
Fixed substr_compare and substr_count information leak.
Fixed a remotely triggerable buffer overflow inside make_http_soap_request().
Fixed a buffer overflow inside user_filter_factory_create().
Security Enhancements and Fixes in PHP 4.4.7 only:
XSS in phpinfo()
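Two of the items above, the CRLF injection inside ftp_putcmd() and the header injection via the Subject and To parameters of mail(), are the same bug class: attacker-controlled text reaches a line-oriented protocol (SMTP headers, FTP commands) without its line breaks being rejected, so a single value can smuggle in additional lines. The following is an added example, not code from the PHP project or from this advisory, showing the injection against a naive header builder next to a hardened builder that refuses CR, LF and NUL (NUL being what the "asciiz byte truncation" item refers to: in C string handling the value is cut at the first NUL). The contact-form scenario, the attacker string and the function names are constructed for the example; it uses PHP 7+ syntax.

```php
<?php
// Added example, not part of the PHP 5.2.2 advisory or the PHP source.
// Shows the CRLF header-injection class the advisory lists for mail()
// (Subject/To) and ftp_putcmd(), and one hardened way to build such lines.

// Constructed attacker input: a contact form puts the visitor's text into the
// Subject header. The embedded CRLF turns one header into two, adding a Bcc.
$attackerSubject = "Hello\r\nBcc: victim1@example.net, victim2@example.net";
$recipient = 'user@example.com';

/**
 * Returns true when $value may be placed on a single header or command line:
 * no CR, no LF and no NUL. NUL is rejected too because a C-level consumer
 * (sendmail, the FTP client) would silently truncate the value there.
 */
function isSingleLine(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) !== 1;
}

/** Naive header builder, mirroring what a pre-5.2.2-style caller did. */
function buildMailHeadersUnsafe(string $to, string $subject): string
{
    return "To: $to\r\nSubject: $subject\r\n";
}

/**
 * Hardened builder: throws on a multi-line value instead of silently
 * stripping it, so tampering is logged rather than hidden.
 */
function buildMailHeadersSafe(string $to, string $subject): string
{
    foreach (['To' => $to, 'Subject' => $subject] as $name => $value) {
        if (!isSingleLine($value)) {
            throw new InvalidArgumentException("CR/LF/NUL in $name header");
        }
    }
    return "To: $to\r\nSubject: $subject\r\n";
}

/**
 * The same guard applied to an FTP command line (the ftp_putcmd() case):
 * an argument containing CRLF would otherwise execute a second command.
 */
function buildFtpCommandSafe(string $command, string $argument): string
{
    if (!isSingleLine($argument)) {
        throw new InvalidArgumentException("CR/LF/NUL in FTP argument");
    }
    return "$command $argument\r\n";
}

/** Number of non-empty header lines in a CRLF-terminated header block. */
function countHeaderLines(string $headers): int
{
    return count(array_filter(explode("\r\n", $headers), 'strlen'));
}

// Unsafe path: the attacker's Bcc: line survives as a third header.
$unsafe = buildMailHeadersUnsafe($recipient, $attackerSubject);
echo "unsafe header lines: ", countHeaderLines($unsafe), "\n";

// Hardened path: the same input is refused before anything is sent.
try {
    buildMailHeadersSafe($recipient, $attackerSubject);
} catch (InvalidArgumentException $e) {
    echo "mail rejected: ", $e->getMessage(), "\n";
}

try {
    buildFtpCommandSafe('CWD', "pub\r\nDELE important.txt");
} catch (InvalidArgumentException $e) {
    echo "ftp rejected: ", $e->getMessage(), "\n";
}
```

With the constructed input, the unsafe builder yields three header lines (To, Subject, and the injected Bcc), while both hardened builders throw. Rejecting rather than stripping is deliberate: a stripped value still gets sent, and the application never learns that someone probed the form.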
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | php5-imap | < 5.2.2 | UNKNOWN |
FreeBSD | any | noarch | php5-odbc | < 5.2.2 | UNKNOWN |
FreeBSD | any | noarch | php5-session | < 5.2.2 | UNKNOWN |
FreeBSD | any | noarch | php5-shmop | < 5.2.2 | UNKNOWN |
FreeBSD | any | noarch | php5-sqlite | < 5.2.2 | UNKNOWN |
FreeBSD | any | noarch | php5-wddx | < 5.2.2 | UNKNOWN |
FreeBSD | any | noarch | php5 | < 5.2.2 | UNKNOWN |
FreeBSD | any | noarch | php4-odbc | < 4.4.7 | UNKNOWN |
FreeBSD | any | noarch | php4-session | < 4.4.7 | UNKNOWN |
FreeBSD | any | noarch | php4-shmop | < 4.4.7 | UNKNOWN |