CVE-2007-1700

2007-03-2700:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1,
calculates the reference count for the session variables without
considering the internal pointer from the session globals, which allows
context-dependent attackers to execute arbitrary code via a crafted string
in the session_register after unsetting HTTP_SESSION_VARS and _SESSION,
which destroys the session data Hashtable.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.9UNKNOWN
ubuntu6.10noarchphp5< 5.1.6-1ubuntu2.6UNKNOWN
ubuntu7.04noarchphp5< 5.2.1-0ubuntu1UNKNOWN