Lucene search

[email protected]NVD:CVE-2007-4658

HistorySep 04, 2007 - 10:17 p.m.

CVE-2007-4658

2007-09-0422:17:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.8%

JSON

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Affected configurations

NVD

Node

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

Node

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

References

lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

rhn.redhat.com/errata/RHSA-2007-0889.html

secunia.com/advisories/26642

secunia.com/advisories/26822

secunia.com/advisories/26838

secunia.com/advisories/26871

secunia.com/advisories/26895

secunia.com/advisories/26930

secunia.com/advisories/26967

secunia.com/advisories/27102

secunia.com/advisories/27377

secunia.com/advisories/27545

secunia.com/advisories/27864

secunia.com/advisories/28249

secunia.com/advisories/28658

secunia.com/advisories/28936

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136

support.avaya.com/elmodocs2/security/ASA-2007-449.htm

www.debian.org/security/2008/dsa-1444

www.gentoo.org/security/en/glsa/glsa-200710-02.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:187

www.php.net/ChangeLog-4.php

www.php.net/ChangeLog-5.php#5.2.4

www.php.net/releases/4_4_8.php

www.php.net/releases/5_2_4.php

www.redhat.com/support/errata/RHSA-2007-0890.html

www.redhat.com/support/errata/RHSA-2007-0891.html

www.trustix.org/errata/2007/0026/

www.ubuntu.com/usn/usn-549-2

www.vupen.com/english/advisories/2007/3023

www.vupen.com/english/advisories/2008/0059

exchange.xforce.ibmcloud.com/vulnerabilities/36377

issues.rpath.com/browse/RPL-1693

issues.rpath.com/browse/RPL-1702

launchpad.net/bugs/173043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10363

usn.ubuntu.com/549-1/

www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for NVD:CVE-2007-4658

veracode1 prion1 ubuntucve1 cvelist1 cve1 nessus22 openvas26 fedora1 oraclelinux2 redhat4 centos2 debian2 osv1 securityvulns1 ubuntu2 freebsd1 suse1 f52 gentoo1