3 matches found
CVE-2007-1522
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3289)
This Update fixes numerous vulnerabilities in PHP. Most of them were made public during the 'Month of PHP Bugs'. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. CVE-2007-1380, CVE-2007-0988, CVE-2007-1375, CVE-2007-1454 CVE-2007-1453,...
CVE-2007-1522
CVE-2007-1522 describes a double-free vulnerability in PHP’s session extension affecting PHP 5.2.0 and 5.2.1. The issue arises when an internal session storage module rejects illegal characters in a session identifier but calls the session identifier generator with an improper environment, causin...