Lucene search

Redhat.comRH:CVE-2007-3205

HistoryOct 30, 2015 - 9:43 a.m.

CVE-2007-3205

2015-10-3009:43:26

redhat.com

access.redhat.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.065 Low

EPSS

Percentile

93.8%

JSON

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

References

nvd.nist.gov/vuln/detail/CVE-2007-3205

www.cve.org/CVERecord?id=CVE-2007-3205

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.4 High

AI Score

Confidence

Low

0.065 Low

EPSS

Percentile

93.8%

JSON

Related for RH:CVE-2007-3205