Lucene search

PRIOn knowledge basePRION:CVE-2007-1886

HistoryApr 06, 2007 - 1:19 a.m.

Integer overflow

2007-04-0601:19:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an “off by one overflow.”

CPENameOperatorVersion
phpeq4.4.5
phpeq5.2.1

CPE	Name	Operator	Version
	php	eq	4.4.5
	php	eq	5.2.1

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137

secunia.com/advisories/25423

secunia.com/advisories/25850

www.php-security.org/MOPB/MOPB-39-2007.html

www.vupen.com/english/advisories/2007/1991

www.vupen.com/english/advisories/2007/2374

exchange.xforce.ibmcloud.com/vulnerabilities/33768

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

Related for PRION:CVE-2007-1886