Lucene search

K

Redhat.comRH:CVE-2007-4657

HistoryOct 30, 2015 - 9:33 a.m.

CVE-2007-4657

2015-10-3009:33:14

redhat.com

access.redhat.com

1

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.2%

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

References

bugzilla.redhat.com/show_bug.cgi?id=278061

nvd.nist.gov/vuln/detail/CVE-2007-4657

www.cve.org/CVERecord?id=CVE-2007-4657

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.2%

Related for RH:CVE-2007-4657

cve2 ubuntucve4 prion2 nessus27 openvas38 veracode1 ubuntu4 debiancve1 seebug1 f52 debian5 osv3 redhat5 centos3 freebsd1 oraclelinux3 fedora1 securityvulns1 gentoo1 suse1