Lucene search

K
ubuntucveUbuntu.comUB:CVE-2007-1583
HistoryMar 21, 2007 - 12:00 a.m.

CVE-2007-1583

2007-03-2100:00:00
ubuntu.com
ubuntu.com
6

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.609 Medium

EPSS

Percentile

97.7%

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through
5.2.1 sets the internal register_globals flag and does not disable it in
certain cases when a script terminates, which allows remote attackers to
invoke available PHP scripts with register_globals functionality that is
not detectable by these scripts, as demonstrated by forcing a memory_limit
violation.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.9UNKNOWN
ubuntu6.10noarchphp5< 5.1.6-1ubuntu2.6UNKNOWN
ubuntu7.04noarchphp5< 5.2.1-0ubuntu1.4UNKNOWN

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.609 Medium

EPSS

Percentile

97.7%