GoogleOSV:DSA-1264-1php4
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
88.3%
Several remote vulnerabilities have been discovered in PHP, a server-side,
HTML-embedded scripting language, which may lead to the execution of
arbitrary code. The Common Vulnerabilities and Exposures project identifies
the following problems:
- CVE-2007-0906
It was discovered that an integer overflow in the str_replace()
function could lead to the execution of arbitrary code. - CVE-2007-0907
It was discovered that a buffer underflow in the sapi_header_op()
function could crash the PHP interpreter. - CVE-2007-0908
Stefan Esser discovered that a programming error in the wddx
extension allows information disclosure. - CVE-2007-0909
It was discovered that a format string vulnerability in the
odbc_result_all() functions allows the execution of arbitrary code. - CVE-2007-0910
It was discovered that super-global variables could be overwritten
with session data. - CVE-2007-0988
Stefan Esser discovered that the zend_hash_init() function could
be tricked into an endless loop, allowing denial of service through
resource consumption until a timeout is triggered.
For the stable distribution (sarge) these problems have been fixed in
version 4:4.3.10-19.
For the unstable distribution (sid) these problems have been fixed in
version 6:4.4.4-9 of php4 and version 5.2.0-9 of php5.
We recommend that you upgrade your php4 packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php4 | eq | 4:4.3.10-15 | |
| php4 | eq | 4:4.3.10-16 | |
| php4 | eq | 4:4.3.10-17 | |
| php4 | eq | 4:4.3.10-18 |
References
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.024 Low
EPSS
Percentile
88.3%