5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
php is vulnerable to arbitrary code execution. A buffer overflow flaw was found in the PHP ‘soap’ extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server.
lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
osvdb.org/34675
secunia.com/advisories/25187
secunia.com/advisories/25191
secunia.com/advisories/25255
secunia.com/advisories/25318
secunia.com/advisories/25372
secunia.com/advisories/25445
secunia.com/advisories/26048
security.gentoo.org/glsa/glsa-200705-19.xml
us2.php.net/releases/5_2_2.php
viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6
www.debian.org/security/2007/dsa-1295
www.mandriva.com/security/advisories?name=MDKSA-2007:102
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2007-0355.html
www.securityfocus.com/bid/23813
www.securityfocus.com/bid/24034
www.securitytracker.com/id?1018023
www.trustix.org/errata/2007/0017/
www.ubuntu.com/usn/usn-462-1
access.redhat.com/errata/RHSA-2007:0348
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715
rhn.redhat.com/errata/RHSA-2007-0348.html