Vulnerability-Lookup

CVE-2007-1286 (GCVE-0-2007-1286)

Vulnerability from cvelistv5 – Published: 2007-03-07 01:00 – Updated: 2024-08-07 12:50

Summary

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.trustix.org/errata/2007/0009/	vendor-advisoryx_refsource_TRUSTIX
	http://www.vupen.com/english/advisories/2007/1991	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2007/dsa-1283	vendor-advisoryx_refsource_DEBIAN
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/24606	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2007-0154.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/466166/100…	mailing-listx_refsource_BUGTRAQ
	http://security.gentoo.org/glsa/glsa-200705-19.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/24941	third-party-advisoryx_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://security.gentoo.org/glsa/glsa-200703-21.xml	vendor-advisoryx_refsource_GENTOO
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/25062	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2374	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/25423	third-party-advisoryx_refsource_SECUNIA
	http://www.php-security.org/MOPB/MOPB-04-2007.html	x_refsource_MISC
	http://secunia.com/advisories/24419	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/24945	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2007/dsa-1282	vendor-advisoryx_refsource_DEBIAN
	https://issues.rpath.com/browse/RPL-1268	x_refsource_CONFIRM
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/24924	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2007-0155.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/24910	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25850	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25445	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2007-0163.html	vendor-advisoryx_refsource_REDHAT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/22765	vdb-entryx_refsource_BID
	http://secunia.com/advisories/25025	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/32771	vdb-entryx_refsource_OSVDB
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:34.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2007-0009",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0009/"
          },
          {
            "name": "ADV-2007-1991",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1991"
          },
          {
            "name": "DSA-1283",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1283"
          },
          {
            "name": "SSRT071423",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "24606",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24606"
          },
          {
            "name": "RHSA-2007:0154",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
          },
          {
            "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
          },
          {
            "name": "GLSA-200705-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
          },
          {
            "name": "24941",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24941"
          },
          {
            "name": "HPSBTU02232",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "GLSA-200703-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
          },
          {
            "name": "php-zval-code-execution(32796)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
          },
          {
            "name": "SSRT071429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "25062",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25062"
          },
          {
            "name": "ADV-2007-2374",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2374"
          },
          {
            "name": "25423",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25423"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
          },
          {
            "name": "24419",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24419"
          },
          {
            "name": "MDKSA-2007:087",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
          },
          {
            "name": "24945",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24945"
          },
          {
            "name": "DSA-1282",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1268"
          },
          {
            "name": "HPSBMA02215",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "24924",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24924"
          },
          {
            "name": "RHSA-2007:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
          },
          {
            "name": "24910",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24910"
          },
          {
            "name": "25850",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25850"
          },
          {
            "name": "25445",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25445"
          },
          {
            "name": "RHSA-2007:0163",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11575",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
          },
          {
            "name": "22765",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22765"
          },
          {
            "name": "25025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25025"
          },
          {
            "name": "32771",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/32771"
          },
          {
            "name": "MDKSA-2007:088",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-02T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2007-0009",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0009/"
        },
        {
          "name": "ADV-2007-1991",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1991"
        },
        {
          "name": "DSA-1283",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1283"
        },
        {
          "name": "SSRT071423",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
        },
        {
          "name": "24606",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24606"
        },
        {
          "name": "RHSA-2007:0154",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
        },
        {
          "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
        },
        {
          "name": "GLSA-200705-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
        },
        {
          "name": "24941",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24941"
        },
        {
          "name": "HPSBTU02232",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
        },
        {
          "name": "GLSA-200703-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
        },
        {
          "name": "php-zval-code-execution(32796)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
        },
        {
          "name": "SSRT071429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
        },
        {
          "name": "25062",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25062"
        },
        {
          "name": "ADV-2007-2374",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2374"
        },
        {
          "name": "25423",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25423"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
        },
        {
          "name": "24419",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24419"
        },
        {
          "name": "MDKSA-2007:087",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
        },
        {
          "name": "24945",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24945"
        },
        {
          "name": "DSA-1282",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1268"
        },
        {
          "name": "HPSBMA02215",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
        },
        {
          "name": "24924",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24924"
        },
        {
          "name": "RHSA-2007:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
        },
        {
          "name": "24910",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24910"
        },
        {
          "name": "25850",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25850"
        },
        {
          "name": "25445",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25445"
        },
        {
          "name": "RHSA-2007:0163",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11575",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
        },
        {
          "name": "22765",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22765"
        },
        {
          "name": "25025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25025"
        },
        {
          "name": "32771",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/32771"
        },
        {
          "name": "MDKSA-2007:088",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1286",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2007-0009",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0009/"
            },
            {
              "name": "ADV-2007-1991",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1991"
            },
            {
              "name": "DSA-1283",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1283"
            },
            {
              "name": "SSRT071423",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
            },
            {
              "name": "24606",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24606"
            },
            {
              "name": "RHSA-2007:0154",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
            },
            {
              "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
            },
            {
              "name": "GLSA-200705-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
            },
            {
              "name": "24941",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24941"
            },
            {
              "name": "HPSBTU02232",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
            },
            {
              "name": "GLSA-200703-21",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
            },
            {
              "name": "php-zval-code-execution(32796)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
            },
            {
              "name": "SSRT071429",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
            },
            {
              "name": "25062",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25062"
            },
            {
              "name": "ADV-2007-2374",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2374"
            },
            {
              "name": "25423",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25423"
            },
            {
              "name": "http://www.php-security.org/MOPB/MOPB-04-2007.html",
              "refsource": "MISC",
              "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
            },
            {
              "name": "24419",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24419"
            },
            {
              "name": "MDKSA-2007:087",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
            },
            {
              "name": "24945",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24945"
            },
            {
              "name": "DSA-1282",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1282"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1268",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1268"
            },
            {
              "name": "HPSBMA02215",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
            },
            {
              "name": "24924",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24924"
            },
            {
              "name": "RHSA-2007:0155",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
            },
            {
              "name": "24910",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24910"
            },
            {
              "name": "25850",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25850"
            },
            {
              "name": "25445",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25445"
            },
            {
              "name": "RHSA-2007:0163",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11575",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
            },
            {
              "name": "22765",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22765"
            },
            {
              "name": "25025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25025"
            },
            {
              "name": "32771",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/32771"
            },
            {
              "name": "MDKSA-2007:088",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1286",
    "datePublished": "2007-03-07T01:00:00.000Z",
    "dateReserved": "2007-03-06T05:00:00.000Z",
    "dateUpdated": "2024-08-07T12:50:34.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2007-1286

Vulnerability from fkie_nvd - Published: 2007-03-06 20:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2007-0154.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2007-0155.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2007-0163.html
cve@mitre.org	http://secunia.com/advisories/24419
cve@mitre.org	http://secunia.com/advisories/24606
cve@mitre.org	http://secunia.com/advisories/24910
cve@mitre.org	http://secunia.com/advisories/24924
cve@mitre.org	http://secunia.com/advisories/24941
cve@mitre.org	http://secunia.com/advisories/24945
cve@mitre.org	http://secunia.com/advisories/25025
cve@mitre.org	http://secunia.com/advisories/25062
cve@mitre.org	http://secunia.com/advisories/25423
cve@mitre.org	http://secunia.com/advisories/25445
cve@mitre.org	http://secunia.com/advisories/25850
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200703-21.xml
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200705-19.xml
cve@mitre.org	http://www.debian.org/security/2007/dsa-1282
cve@mitre.org	http://www.debian.org/security/2007/dsa-1283
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
cve@mitre.org	http://www.osvdb.org/32771
cve@mitre.org	http://www.php-security.org/MOPB/MOPB-04-2007.html	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/466166/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/22765
cve@mitre.org	http://www.trustix.org/errata/2007/0009/
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1991
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2374
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/32796
cve@mitre.org	https://issues.rpath.com/browse/RPL-1268
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2007-0154.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2007-0155.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2007-0163.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24419
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24606
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24910
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24924
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24941
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24945
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25025
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25062
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25423
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25445
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25850
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200703-21.xml
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200705-19.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1282
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1283
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/32771
af854a3a-2127-422b-91ae-364da2661108	http://www.php-security.org/MOPB/MOPB-04-2007.html	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/466166/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22765
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2007/0009/
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1991
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2374
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/32796
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1268
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575

Impacted products

	Vendor	Product	Version
	php	php	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C84850F4-17C8-4525-8C7A-1C1E8454753B",
              "versionEndIncluding": "4.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en PHP 4.4.4 y anteriores permiten a atacantes dependientes de contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante el paso de una cadena larga a la funci\u00f3n unserialize, lo cual provoca el desbordamiento en el contador de referencias ZVAL."
    }
  ],
  "id": "CVE-2007-1286",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-06T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24419"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24606"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24910"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24924"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24941"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24945"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25025"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25445"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25850"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/32771"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22765"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2007/0009/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1991"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2374"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1268"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/32771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0009/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-144

Vulnerability from certfr_avis - Published: 2007-03-27 - Updated: 2007-03-27

Plusieurs vulnérabilités découvertes dans PHP (PHP : Hypertext Processor) permettent à un utilisateur distant malintentionné de réaliser de nombreuses actions malveillantes sur le système vulnérable.

Ces vulnérabilités peuvent être exploitées à distance afin de contourner la politique de sécurité, d'exécuter du code arbitraire, de provoquer un déni de service en consommant de façon excessive les ressources du processeur et de porter atteinte à la confidentialité et à l'intégrité des données du système présentes en mémoire.

Solution

Appliquer les mises à jour de sécurité PHP en passant à la version 4.4.5 ou 5.2.1 disponibles aux adresses suivantes :

http://www.php.net/releases/4_4_5.php

http://www.php.net/releases/5_2_1.php

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	PHP antérieur à la version 4.4.5 ;
	PHP	PHP	PHP antérieur à la version 5.2.1.

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA-200703-21 du 20 mars 2007	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2007:0076 du 19 février 2007 :	-	other
Bulletin de sécurité Debian DSA 1264 du 07 mars 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0089 du 26 février 2007 :	-	other
Bulletin de sécurité Ubuntu USN-431-1 du 07 mars 2007 :	-	other
Mise à jour de sécurité PHP version 4.4.5 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:048 du 22 février 2007 :	-	other
Bulletin de sécurité Avaya ASA-2007-0076 du 06 mars 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2007:020 du 15 mars 2007 :	-	other
Bulletin de sécurité Avaya ASA-2007-0088 du 26 mars 2007 :	-	other
Mise à jour de sécurité PHP version 5.2.1 :	-	other
Bulletin de sécurité Ubuntu USN-423-1 du 20 février 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0081 du 21 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP ant\u00e9rieur \u00e0 la version 4.4.5 ;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP ant\u00e9rieur \u00e0 la version 5.2.1.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nAppliquer les mises \u00e0 jour de s\u00e9curit\u00e9 PHP en passant \u00e0 la version 4.4.5\nou 5.2.1 disponibles aux adresses suivantes :\n\n    http://www.php.net/releases/4_4_5.php\n\n    http://www.php.net/releases/5_2_1.php\n\n  \n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0988"
    },
    {
      "name": "CVE-2007-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1380"
    },
    {
      "name": "CVE-2007-0905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0905"
    },
    {
      "name": "CVE-2007-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1452"
    },
    {
      "name": "CVE-2007-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1376"
    },
    {
      "name": "CVE-2007-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1375"
    },
    {
      "name": "CVE-2007-0907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0907"
    },
    {
      "name": "CVE-2007-0906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0906"
    },
    {
      "name": "CVE-2007-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1453"
    },
    {
      "name": "CVE-2007-0909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0909"
    },
    {
      "name": "CVE-2007-0910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0910"
    },
    {
      "name": "CVE-2007-0908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0908"
    },
    {
      "name": "CVE-2007-1383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1383"
    },
    {
      "name": "CVE-2007-1454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1454"
    },
    {
      "name": "CVE-2007-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1286"
    }
  ],
  "initial_release_date": "2007-03-27T00:00:00",
  "last_revision_date": "2007-03-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0076 du 19 f\u00e9vrier    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0076.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1264 du 07 mars 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1264"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0089 du 26 f\u00e9vrier    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0089.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-431-1 du 07 mars 2007 :",
      "url": "http://www.ubuntulinux.org/usn/usn-431-1"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 PHP version 4.4.5 :",
      "url": "http://www.php.net/releases/4_4_5.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:048 du 22 f\u00e9vrier    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:048"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-0076 du 06 mars 2007 :",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-0076.htm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:020 du 15 mars 2007    :",
      "url": "http://lists.suse.com/archive/archive/suse-security-announce/2007-Mar/0003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-0088 du 26 mars 2007 :",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-0088.htm"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 PHP version 5.2.1 :",
      "url": "http://www.php.net/releases/5_2_1.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-423-1 du 20 f\u00e9vrier 2007 :",
      "url": "http://www.ubuntulinux.org/usn/usn-423-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0081 du 21 f\u00e9vrier    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0081.html"
    }
  ],
  "reference": "CERTA-2007-AVI-144",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans PHP (PHP : Hypertext\nProcessor) permettent \u00e0 un utilisateur distant malintentionn\u00e9 de\nr\u00e9aliser de nombreuses actions malveillantes sur le syst\u00e8me vuln\u00e9rable.\n\n  \n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es \u00e0 distance afin de contourner\nla politique de s\u00e9curit\u00e9, d\u0027ex\u00e9cuter du code arbitraire, de provoquer un\nd\u00e9ni de service en consommant de fa\u00e7on excessive les ressources du\nprocesseur et de porter atteinte \u00e0 la confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es du syst\u00e8me pr\u00e9sentes en m\u00e9moire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200703-21 du 20 mars 2007",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml"
    }
  ]
}

CERTA-2007-AVI-201

Vulnerability from certfr_avis - Published: 2007-05-07 - Updated: 2007-05-29

Plusieurs vulnérabilités avaient été identifiées à l'occasion du MoPB (le Month Of PHP Bugs). L'exploitation de ces dernières peut avoir divers impacts sur le serveur vulnérable. Les mises à jour récentes de PHP corrigent la plupart de ces vulnérabilités.

Description

Plusieurs vulnérabilités avaient été identifiées en mars 2007 à l'occasion du MoPB (le Month Of PHP Bugs). A cette occasion, le CERTA a publié dans son bulletin d'actualité CERTA-2007-ACT-012 une revue des plus importantes d'entre elles. Les conséquences de l'exploitation de ces dernières sont diverses, pouvant être un dysfonctionnement du serveur vulnérable ou l'exécution de code arbitraire sur celui-ci.

Solution

Se référer aux bulletins de sécurité des différents éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	PHP 5, pour les versions antérieures à 5.2.2.
	PHP	PHP	PHP 4, pour les versions antérieures à 4.4.7 ;

References

Title

Publication Time

Tags

Bulletins des mises à jour PHP du 03 mai 2007	None	vendor-advisory
Mise à jour de sécurité Fedora Core 6 du 18 avril 2007 :	-	other
Bulletin de sécurité Ubuntu USN-455-1 du 27 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:090 du 18 avril 2007 :	-	other
Site de téléchargement des dernières versions PHP :	-	other
Note de changement de version pour PHP 4 version 4.4.7 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:087 du 18 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:091 du 18 avril 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200705-19 du 26 mai 2007 :	-	other
Bulletin d'actualité CERTA-2007-ACT-012 du 23 mars 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2007:032 du 23 mai 2007 :	-	other
Note de changement de version pour PHP 5 version 5.2.2 :	-	other
Bulletin de sécurité Debian DSA 1283-1 du 29 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:089 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0155 du 16 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:088 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0153 du 20 avril 2007 :	-	other
Bulletin de sécurité Debian DSA 1282-1 du 26 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 5, pour les versions ant\u00e9rieures \u00e0 5.2.2.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 4, pour les versions ant\u00e9rieures \u00e0 4.4.7 ;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es en mars 2007 \u00e0\nl\u0027occasion du MoPB (le Month Of PHP Bugs). A cette occasion, le CERTA a\npubli\u00e9 dans son bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 une revue des\nplus importantes d\u0027entre elles. Les cons\u00e9quences de l\u0027exploitation de\nces derni\u00e8res sont diverses, pouvant \u00eatre un dysfonctionnement du\nserveur vuln\u00e9rable ou l\u0027ex\u00e9cution de code arbitraire sur celui-ci.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-1889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1889"
    },
    {
      "name": "CVE-2007-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1380"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1900"
    },
    {
      "name": "CVE-2007-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1718"
    },
    {
      "name": "CVE-2007-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1887"
    },
    {
      "name": "CVE-2007-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1376"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1375"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0455"
    },
    {
      "name": "CVE-2007-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1700"
    },
    {
      "name": "CVE-2007-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1453"
    },
    {
      "name": "CVE-2007-1824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1824"
    },
    {
      "name": "CVE-2007-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1777"
    },
    {
      "name": "CVE-2007-1454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1454"
    },
    {
      "name": "CVE-2007-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1286"
    }
  ],
  "initial_release_date": "2007-05-07T00:00:00",
  "last_revision_date": "2007-05-29T00:00:00",
  "links": [
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 6 du 18 avril 2007 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-455-1 du 27 avril 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:090 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:090"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement des derni\u00e8res versions PHP :",
      "url": "http://fr2.php.net/downloads.php"
    },
    {
      "title": "Note de changement de version pour PHP 4 version 4.4.7 :",
      "url": "http://www.php.net/ChangeLog-4.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:087 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:087"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:091 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:091"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200705-19 du 26 mai 2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 du 23 mars 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-012.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:032 du 23 mai 2007 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html"
    },
    {
      "title": "Note de changement de version pour PHP 5 version 5.2.2 :",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1283-1 du 29 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1283-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:089 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:089"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0155 du 16 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:088 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:088"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0153 du 20 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0153.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1282-1 du 26 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1282-1"
    }
  ],
  "reference": "CERTA-2007-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-07T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u0155ences aux bulletins de s\u00e9curit\u00e9 Gentoo, SuSE, Mandriva, Red Hat.",
      "revision_date": "2007-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es \u00e0 l\u0027occasion du MoPB\n(le \u003cspan class=\"textit\"\u003eMonth Of PHP Bugs\u003c/span\u003e). L\u0027exploitation de\nces derni\u00e8res peut avoir divers impacts sur le serveur vuln\u00e9rable. Les\nmises \u00e0 jour r\u00e9centes de PHP corrigent la plupart de ces vuln\u00e9rabilit\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins des mises \u00e0 jour PHP du 03 mai 2007",
      "url": null
    }
  ]
}

GHSA-5G4M-4PG3-QMXC

Vulnerability from github – Published: 2022-05-01 17:52 – Updated: 2025-04-09 03:38

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1286"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-06T20:19:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.",
  "id": "GHSA-5g4m-4pg3-qmxc",
  "modified": "2025-04-09T03:38:31Z",
  "published": "2022-05-01T17:52:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1286"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1268"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24419"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24606"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24910"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24924"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24941"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24945"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25025"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25423"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25445"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25850"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1282"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32771"
    },
    {
      "type": "WEB",
      "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22765"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2007/0009"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1991"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2374"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-1286

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1286

Aliases

CVE-2007-1286

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1286",
    "description": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.",
    "id": "GSD-2007-1286",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-1286.html",
      "https://www.debian.org/security/2007/dsa-1283",
      "https://www.debian.org/security/2007/dsa-1282",
      "https://access.redhat.com/errata/RHSA-2007:0163",
      "https://access.redhat.com/errata/RHSA-2007:0155",
      "https://access.redhat.com/errata/RHSA-2007:0154",
      "https://linux.oracle.com/cve/CVE-2007-1286.html",
      "https://packetstormsecurity.com/files/cve/CVE-2007-1286"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1286"
      ],
      "details": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.",
      "id": "GSD-2007-1286",
      "modified": "2023-12-13T01:21:39.699342Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1286",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "2007-0009",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2007/0009/"
          },
          {
            "name": "ADV-2007-1991",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1991"
          },
          {
            "name": "DSA-1283",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1283"
          },
          {
            "name": "SSRT071423",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "24606",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24606"
          },
          {
            "name": "RHSA-2007:0154",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
          },
          {
            "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
          },
          {
            "name": "GLSA-200705-19",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
          },
          {
            "name": "24941",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24941"
          },
          {
            "name": "HPSBTU02232",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "GLSA-200703-21",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
          },
          {
            "name": "php-zval-code-execution(32796)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
          },
          {
            "name": "SSRT071429",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "25062",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25062"
          },
          {
            "name": "ADV-2007-2374",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2374"
          },
          {
            "name": "25423",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25423"
          },
          {
            "name": "http://www.php-security.org/MOPB/MOPB-04-2007.html",
            "refsource": "MISC",
            "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
          },
          {
            "name": "24419",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24419"
          },
          {
            "name": "MDKSA-2007:087",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
          },
          {
            "name": "24945",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24945"
          },
          {
            "name": "DSA-1282",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1282"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1268",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1268"
          },
          {
            "name": "HPSBMA02215",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "24924",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24924"
          },
          {
            "name": "RHSA-2007:0155",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
          },
          {
            "name": "24910",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24910"
          },
          {
            "name": "25850",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25850"
          },
          {
            "name": "25445",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25445"
          },
          {
            "name": "RHSA-2007:0163",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11575",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
          },
          {
            "name": "22765",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22765"
          },
          {
            "name": "25025",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25025"
          },
          {
            "name": "32771",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/32771"
          },
          {
            "name": "MDKSA-2007:088",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.4.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1286"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.php-security.org/MOPB/MOPB-04-2007.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.php-security.org/MOPB/MOPB-04-2007.html"
            },
            {
              "name": "GLSA-200703-21",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
            },
            {
              "name": "22765",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22765"
            },
            {
              "name": "32771",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/32771"
            },
            {
              "name": "24606",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24606"
            },
            {
              "name": "RHSA-2007:0154",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
            },
            {
              "name": "RHSA-2007:0155",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
            },
            {
              "name": "24910",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24910"
            },
            {
              "name": "24924",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24924"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1268",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-1268"
            },
            {
              "name": "RHSA-2007:0163",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
            },
            {
              "name": "24945",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24945"
            },
            {
              "name": "24941",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24941"
            },
            {
              "name": "DSA-1282",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1282"
            },
            {
              "name": "DSA-1283",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1283"
            },
            {
              "name": "25025",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25025"
            },
            {
              "name": "25062",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25062"
            },
            {
              "name": "GLSA-200705-19",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
            },
            {
              "name": "MDKSA-2007:087",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
            },
            {
              "name": "MDKSA-2007:088",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
            },
            {
              "name": "2007-0009",
              "refsource": "TRUSTIX",
              "tags": [],
              "url": "http://www.trustix.org/errata/2007/0009/"
            },
            {
              "name": "25445",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25445"
            },
            {
              "name": "25423",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25423"
            },
            {
              "name": "24419",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24419"
            },
            {
              "name": "25850",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25850"
            },
            {
              "name": "ADV-2007-2374",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2374"
            },
            {
              "name": "ADV-2007-1991",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1991"
            },
            {
              "name": "HPSBTU02232",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
            },
            {
              "name": "SSRT071423",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
            },
            {
              "name": "php-zval-code-execution(32796)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32796"
            },
            {
              "name": "oval:org.mitre.oval:def:11575",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575"
            },
            {
              "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:37Z",
      "publishedDate": "2007-03-06T20:19Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1286 (GCVE-0-2007-1286)

FKIE_CVE-2007-1286

CERTA-2007-AVI-144

Solution

CERTA-2007-AVI-201

Description

Solution

GHSA-5G4M-4PG3-QMXC

GSD-2007-1286

Tags

Sightings

Nomenclature