Published: 21/03/2007 Updated: 30/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The resource system in PHP 5.0.0 up to and including 5.2.1 allows context-dependent malicious users to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 up to and including 5.2.13 and 5.3 up to and including 5.3.2 are also affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 5.0.0
php php 5.0.1
php php 5.0
php php 5.1.0
php php 5.2.0
php php 5.2.1
php php 5.2.8
php php 5.2.9
php php 5.0.4
php php 5.0.5
php php 5.1.3
php php 5.1.4
php php 5.2.4
php php 5.2.5
php php 5.2.12
php php 5.2.13
php php 5.0.2
php php 5.0.3
php php 5.1.1
php php 5.1.2
php php 5.2.2
php php 5.2.3
php php 5.2.10
php php 5.2.11
php php 5.1.5
php php 5.1.6
php php 5.2.6
php php 5.2.7
php php 5.3.0
php php 5.3.1
php php 5.3.2

<?php //////////////////////////////////////////////////////////////////////// // _ _ _ _ ___ _ _ ___ // // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ // // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ // // |_||_|\__,_||_| \__,_|\___||_||_|\_ ...

CWE-94 http://www.php-security.org/MOPB/MOPB-28-2007.html http://www.securityfocus.com/bid/23062 http://secunia.com/advisories/24542 http://php-security.org/2010/05/01/mops-2010-001-php-hash_update_file-already-freed-resource-access-vulnerability/index.html https://exchange.xforce.ibmcloud.com/vulnerabilities/33248 https://www.exploit-db.com/exploits/3529 https://nvd.nist.gov https://www.exploit-db.com/exploits/3529/

CVE-2007-1581

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect