CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.202 Low
Percentile: 95.8%

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A number of buffer overflow flaws were found in the PHP session extension,
the str_replace() function, and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer
overflow could occur in memory allocation. If a script used the
imap_mail_compose() function to create a new MIME message based on an
input body from an untrusted source, it could result in a heap overflow.
An attacker with access to a PHP application affected by any of these issues
could trigger the flaws and possibly execute arbitrary code as the
‘apache’ user. (CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function could be forced into an infinite loop, consuming
CPU resources for a limited time, until the script timeout alarm aborted
execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a
database, and the database table contents were under an attacker’s
control, a format string vulnerability was possible which could allow
arbitrary code execution. (CVE-2007-0909)

A one-byte memory read always occurs before the beginning of a buffer.
This could be triggered, for example, by any use of the header() function
in a script. However, it is unlikely that this would have any effect.
(CVE-2007-0907)

Several flaws in PHP could allow attackers to “clobber” certain
super-global variables via unspecified vectors. (CVE-2007-0910)

An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply nested array.
(CVE-2007-1285)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.
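To check hosts against the fixed version given in the package table (5.1.6-7.el5), the following added example, which is not part of the advisory, flags installed PHP packages that sort below it using a simplified form of RPM's version ordering (no `~` or `^` handling). It assumes an inventory in the form produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`; the sample inventory and the function names are constructed for illustration.

```python
import re

FIXED_EVR = "5.1.6-7.el5"  # fixed version from the advisory's package table
# Package names taken from the visible rows of that table.
AFFECTED = {"php", "php-pdo", "php-odbc", "php-gd", "php-bcmath",
            "php-xmlrpc", "php-ldap", "php-snmp"}
_SEG = re.compile(r"\d+|[A-Za-z]+")  # runs of digits or runs of letters

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # so that 11 > 7, unlike "11" < "7"
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(inventory):
    """Return (name, evr, arch) for affected packages older than FIXED_EVR."""
    hits = []
    for line in inventory.strip().splitlines():
        name, evr, arch = line.split()
        if name in AFFECTED and evr_cmp(evr, FIXED_EVR) < 0:
            hits.append((name, evr, arch))
    return hits

# Constructed sample inventory (not real host data).
SAMPLE = """
php 5.1.6-5.el5 x86_64
php-pdo 5.1.6-7.el5 i386
php-ldap 5.1.6-11.el5 x86_64
php-gd 5.1.6-3.el5 i386
httpd 2.2.3-6.el5 x86_64
"""

if __name__ == "__main__":
    for hit in outdated(SAMPLE):
        print("needs update:", *hit)
```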

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | php-pdo | < 5.1.6-7.el5 | php-pdo-5.1.6-7.el5.i386.rpm |
RedHat | 5 | ia64 | php-odbc | < 5.1.6-7.el5 | php-odbc-5.1.6-7.el5.ia64.rpm |
RedHat | 5 | ia64 | php-pdo | < 5.1.6-7.el5 | php-pdo-5.1.6-7.el5.ia64.rpm |
RedHat | 5 | i386 | php-gd | < 5.1.6-7.el5 | php-gd-5.1.6-7.el5.i386.rpm |
RedHat | 5 | ia64 | php-bcmath | < 5.1.6-7.el5 | php-bcmath-5.1.6-7.el5.ia64.rpm |
RedHat | 5 | s390x | php-xmlrpc | < 5.1.6-7.el5 | php-xmlrpc-5.1.6-7.el5.s390x.rpm |
RedHat | 5 | s390x | php | < 5.1.6-7.el5 | php-5.1.6-7.el5.s390x.rpm |
RedHat | 5 | x86_64 | php-ldap | < 5.1.6-7.el5 | php-ldap-5.1.6-7.el5.x86_64.rpm |
RedHat | 5 | x86_64 | php-snmp | < 5.1.6-7.el5 | php-snmp-5.1.6-7.el5.x86_64.rpm |
RedHat | 5 | x86_64 | php | < 5.1.6-7.el5 | php-5.1.6-7.el5.x86_64.rpm |