PHP vulnerabilities

2007-07-1700:00:00

ubuntu.com

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.9%

JSON

Releases

Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06

Details

It was discovered that the PHP xmlrpc extension did not correctly check
heap memory allocation sizes. A remote attacker could send a specially
crafted request to a PHP application using xmlrpc and execute arbitrary
code as the Apache user. (CVE-2007-1864)

Stefan Esser discovered a flaw in the random number initialization of the
PHP SOAP extension. This could lead to remote attackers being able to
predict certain elements of the authentication mechanism. (CVE-2007-2728)

OSVersionArchitecturePackageVersionFilename
Ubuntu7.04noarchphp5-xmlrpc< 5.2.1-0ubuntu1.4UNKNOWN
Ubuntu7.04noarchlibapache2-mod-php5< 5.2.1-0ubuntu1.4UNKNOWN
Ubuntu6.10noarchphp5-xmlrpc< 5.1.6-1ubuntu2.6UNKNOWN
Ubuntu6.10noarchlibapache2-mod-php5< 5.1.6-1ubuntu2.6UNKNOWN
Ubuntu6.06noarchphp5-xmlrpc< 5.1.2-1ubuntu3.9UNKNOWN
Ubuntu6.06noarchlibapache2-mod-php5< 5.1.2-1ubuntu3.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	7.04	noarch	php5-xmlrpc	< 5.2.1-0ubuntu1.4	UNKNOWN
Ubuntu	7.04	noarch	libapache2-mod-php5	< 5.2.1-0ubuntu1.4	UNKNOWN
Ubuntu	6.10	noarch	php5-xmlrpc	< 5.1.6-1ubuntu2.6	UNKNOWN
Ubuntu	6.10	noarch	libapache2-mod-php5	< 5.1.6-1ubuntu2.6	UNKNOWN
Ubuntu	6.06	noarch	php5-xmlrpc	< 5.1.2-1ubuntu3.9	UNKNOWN
Ubuntu	6.06	noarch	libapache2-mod-php5	< 5.1.2-1ubuntu3.9	UNKNOWN