Published: 10/03/2007 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The php_binary serialization handler in the session extension in PHP prior to 4.4.5, and 5.x prior to 5.2.1, allows context-dependent malicious users to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.0
php php 4.0.3
php php 4.0.4
php php 4.1.1
php php 4.1.2
php php 4.3.1
php php 4.3.10
php php 4.3.8
php php 4.3.9
php php 5.0.0
php php 5.0.2
php php 5.0.3
php php 5.0.4
php php 5.1.1
php php 5.1.2
php php 4.0.2
php php 4.0.7
php php 4.1.0
php php 4.2
php php 4.3.0
php php 4.3.6
php php 4.3.7
php php 4.4.4
php php 5.0.1
php php 5.1.0
php php 5.2.0
php php 4.0.1
php php 4.0.6
php php 4.2.2
php php 4.2.3
php php 4.3.4
php php 4.3.5
php php 4.4.2
php php 4.4.3
php php 5.0
php php 5.1.5
php php 5.1.6
php php 4.0.0
php php 4.0.5
php php 4.2.0
php php 4.2.1
php php 4.3.11
php php 4.3.2
php php 4.3.3
php php 4.4.0
php php 4.4.1
php php 5.0.5
php php 5.1.3
php php 5.1.4

Stefan Esser discovered multiple vulnerabilities in the “Month of PHP bugs” ...

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1286 Stefan Esser discovered an overflow in the object reference handling code of the un ...

<?php //////////////////////////////////////////////////////////////////////// // _ _ _ _ ___ _ _ ___ // // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ // // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ // // |_||_|\__,_||_| \__,_|\___||_||_|\_ ...

NVD-CWE-Other http://www.php-security.org/MOPB/MOPB-10-2007.html http://security.gentoo.org/glsa/glsa-200703-21.xml http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html http://www.securityfocus.com/bid/22805 http://secunia.com/advisories/24514 http://secunia.com/advisories/24606 http://www.debian.org/security/2007/dsa-1282 http://www.debian.org/security/2007/dsa-1283 http://www.ubuntu.com/usn/usn-455-1 http://secunia.com/advisories/25025 http://secunia.com/advisories/25062 http://secunia.com/advisories/25057 http://www.novell.com/linux/security/advisories/2007_32_php.html http://secunia.com/advisories/25056 http://secunia.com/advisories/25423 http://secunia.com/advisories/25850 http://www.vupen.com/english/advisories/2007/2374 http://www.vupen.com/english/advisories/2007/1991 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 https://www.exploit-db.com/exploits/3413 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792 https://usn.ubuntu.com/455-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/3413/

CVE-2007-1380

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect