Vulnerability-Lookup

CVE-2007-4887 (GCVE-0-2007-4887)

Vulnerability from cvelistv5 – Published: 2007-09-14 04:00 – Updated: 2024-08-07 15:08

Summary

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.php.net/ChangeLog-5.php#5.2.5	x_refsource_CONFIRM
	http://securityreason.com/securityalert/3133	third-party-advisoryx_refsource_SREASON
	https://issues.rpath.com/browse/RPL-1943	x_refsource_CONFIRM
	http://secunia.com/advisories/28750	third-party-advisoryx_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-20071…	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2008/0924…	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/30040	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/478988/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/0398	vdb-entryx_refsource_VUPEN
	http://www.php.net/releases/5_2_5.php	x_refsource_CONFIRM
	http://secunia.com/advisories/27659	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29420	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/archive/1/491693/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/478985/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/491693/100…	vendor-advisoryx_refsource_HP
	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242	x_refsource_CONFIRM
	http://docs.info.apple.com/article.html?artnum=307562	x_refsource_CONFIRM
	http://secunia.com/advisories/27102	third-party-advisoryx_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/bid/26403	vdb-entryx_refsource_BID
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2007/3825	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
          },
          {
            "name": "3133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1943"
          },
          {
            "name": "28750",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28750"
          },
          {
            "name": "GLSA-200710-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
          },
          {
            "name": "ADV-2008-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "oval:org.mitre.oval:def:5767",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
          },
          {
            "name": "30040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30040"
          },
          {
            "name": "20070910 /* PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service errata ... working on windows too .. */",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
          },
          {
            "name": "ADV-2008-0398",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0398"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/releases/5_2_5.php"
          },
          {
            "name": "27659",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27659"
          },
          {
            "name": "29420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "SSRT080056",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
          },
          {
            "name": "20070910 PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
          },
          {
            "name": "HPSBUX02332",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "27102",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27102"
          },
          {
            "name": "SSRT080010",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
          },
          {
            "name": "26403",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26403"
          },
          {
            "name": "HPSBUX02308",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
          },
          {
            "name": "ADV-2007-3825",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3825"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-10T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
        },
        {
          "name": "3133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1943"
        },
        {
          "name": "28750",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28750"
        },
        {
          "name": "GLSA-200710-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
        },
        {
          "name": "ADV-2008-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0924/references"
        },
        {
          "name": "oval:org.mitre.oval:def:5767",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
        },
        {
          "name": "30040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30040"
        },
        {
          "name": "20070910 /* PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service errata ... working on windows too .. */",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
        },
        {
          "name": "ADV-2008-0398",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0398"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/releases/5_2_5.php"
        },
        {
          "name": "27659",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27659"
        },
        {
          "name": "29420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29420"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
        },
        {
          "name": "SSRT080056",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
        },
        {
          "name": "20070910 PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
        },
        {
          "name": "HPSBUX02332",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307562"
        },
        {
          "name": "27102",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27102"
        },
        {
          "name": "SSRT080010",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
        },
        {
          "name": "26403",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26403"
        },
        {
          "name": "HPSBUX02308",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
        },
        {
          "name": "ADV-2007-3825",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3825"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4887",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.2.5",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
            },
            {
              "name": "3133",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3133"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1943",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1943"
            },
            {
              "name": "28750",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28750"
            },
            {
              "name": "GLSA-200710-02",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "oval:org.mitre.oval:def:5767",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
            },
            {
              "name": "30040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30040"
            },
            {
              "name": "20070910 /* PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service errata ... working on windows too .. */",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
            },
            {
              "name": "ADV-2008-0398",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0398"
            },
            {
              "name": "http://www.php.net/releases/5_2_5.php",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/releases/5_2_5.php"
            },
            {
              "name": "27659",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27659"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "SSRT080056",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
            },
            {
              "name": "20070910 PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
            },
            {
              "name": "HPSBUX02332",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "27102",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27102"
            },
            {
              "name": "SSRT080010",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
            },
            {
              "name": "26403",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26403"
            },
            {
              "name": "HPSBUX02308",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
            },
            {
              "name": "ADV-2007-3825",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3825"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4887",
    "datePublished": "2007-09-14T04:00:00.000Z",
    "dateReserved": "2007-09-13T04:00:00.000Z",
    "dateUpdated": "2024-08-07T15:08:33.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-148

Vulnerability from certfr_avis - Published: 2008-03-19 - Updated: 2008-03-19

None

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac Os X version 10.4.11 et antérieures ;
	Apple	N/A	Apple Mac Os X version 10.5.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307562 du 18 mars 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac Os X version 10.4.11 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac Os X version 10.5.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s\npermet \u00e0 un individu malveillant diverses actions dont ex\u00e9cuter du code\narbitaire \u00e0 distance, effectuer un d\u00e9ni de service, contourner la\npolitique de s\u00e9curit\u00e9, \u00e9lever ses privil\u00e8ges et effectuer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307562 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
    },
    {
      "name": "CVE-2008-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0060"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2007-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6109"
    },
    {
      "name": "CVE-2007-1661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1661"
    },
    {
      "name": "CVE-2008-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0882"
    },
    {
      "name": "CVE-2007-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6336"
    },
    {
      "name": "CVE-2007-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2799"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1089"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2007-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4768"
    },
    {
      "name": "CVE-2008-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0059"
    },
    {
      "name": "CVE-2008-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1000"
    },
    {
      "name": "CVE-2007-1660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1660"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2007-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
    },
    {
      "name": "CVE-2008-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0052"
    },
    {
      "name": "CVE-2008-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0990"
    },
    {
      "name": "CVE-2008-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0995"
    },
    {
      "name": "CVE-2007-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0898"
    },
    {
      "name": "CVE-2007-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5266"
    },
    {
      "name": "CVE-2008-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0055"
    },
    {
      "name": "CVE-2007-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1997"
    },
    {
      "name": "CVE-2007-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1659"
    },
    {
      "name": "CVE-2007-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6337"
    },
    {
      "name": "CVE-2008-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0044"
    },
    {
      "name": "CVE-2008-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0045"
    },
    {
      "name": "CVE-2007-5971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
    },
    {
      "name": "CVE-2008-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0046"
    },
    {
      "name": "CVE-2008-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0047"
    },
    {
      "name": "CVE-2007-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6335"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-3725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
    },
    {
      "name": "CVE-2008-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0054"
    },
    {
      "name": "CVE-2008-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0996"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    },
    {
      "name": "CVE-2008-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0051"
    },
    {
      "name": "CVE-2007-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3799"
    },
    {
      "name": "CVE-2008-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0048"
    },
    {
      "name": "CVE-2007-1662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1662"
    },
    {
      "name": "CVE-2006-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3334"
    },
    {
      "name": "CVE-2008-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0998"
    },
    {
      "name": "CVE-2007-0897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0897"
    },
    {
      "name": "CVE-2008-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
    },
    {
      "name": "CVE-2007-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6429"
    },
    {
      "name": "CVE-2007-4510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4510"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2007-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
    },
    {
      "name": "CVE-2008-0006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0006"
    },
    {
      "name": "CVE-2008-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
    },
    {
      "name": "CVE-2008-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
    },
    {
      "name": "CVE-2007-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2445"
    },
    {
      "name": "CVE-2008-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0049"
    },
    {
      "name": "CVE-2007-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1745"
    },
    {
      "name": "CVE-2007-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6427"
    },
    {
      "name": "CVE-2008-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0987"
    },
    {
      "name": "CVE-2008-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0993"
    },
    {
      "name": "CVE-2008-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0988"
    },
    {
      "name": "CVE-2008-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0056"
    },
    {
      "name": "CVE-2008-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0992"
    },
    {
      "name": "CVE-2006-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5793"
    },
    {
      "name": "CVE-2007-6428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6428"
    },
    {
      "name": "CVE-2008-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0989"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2008-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0053"
    },
    {
      "name": "CVE-2007-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4767"
    },
    {
      "name": "CVE-2008-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
    },
    {
      "name": "CVE-2007-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5958"
    },
    {
      "name": "CVE-2006-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6481"
    },
    {
      "name": "CVE-2008-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0994"
    },
    {
      "name": "CVE-2007-6421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6421"
    },
    {
      "name": "CVE-2008-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0058"
    },
    {
      "name": "CVE-2007-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4752"
    },
    {
      "name": "CVE-2008-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0999"
    },
    {
      "name": "CVE-2007-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4560"
    },
    {
      "name": "CVE-2007-4990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4990"
    },
    {
      "name": "CVE-2007-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4766"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2008-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0596"
    },
    {
      "name": "CVE-2007-4887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
    }
  ],
  "initial_release_date": "2008-03-19T00:00:00",
  "last_revision_date": "2008-03-19T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307562 du 18 mars 2008",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    }
  ]
}

CERTA-2008-AVI-065

Vulnerability from certfr_avis - Published: 2008-02-08 - Updated: 2008-02-08

Plusieurs vulnérabilités dans HP-UX ont été découvertes et permettent à un individu malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités dans le serveur Apache de HP-UX ont été découvertes et permettent à un individu malveillant d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité HP pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apache	N/A	HP-UX B.11.31 avec Apache version 2.0.59.00.1 et les versions antérieures.
Apache	N/A	HP-UX B.11.23 avec Apache version 2.0.59.00.1 et les versions antérieures ;
Apache	N/A	HP-UX B.11.11 avec Apache version 2.0.59.00.1 et les versions antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité HP du 30 janvier 2008	None	vendor-advisory
Document du CERTA CERTA-2007-AVI-388 du 05 septembre 2007 :	-	other
Document du CERTA CERTA-2008-AVI-002 du 04 janvier 2008 :	-	other
Document du CERTA CERTA-2005-AVI-497 du 16 mars 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX B.11.31 avec Apache version 2.0.59.00.1 et les versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.23 avec Apache version 2.0.59.00.1 et les versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.11 avec Apache version 2.0.59.00.1 et les versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans le serveur Apache de HP-UX ont \u00e9t\u00e9\nd\u00e9couvertes et permettent \u00e0 un individu malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 HP pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2872"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2007-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
    },
    {
      "name": "CVE-2007-4887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
    }
  ],
  "initial_release_date": "2008-02-08T00:00:00",
  "last_revision_date": "2008-02-08T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2007-AVI-388 du 05 septembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-388"
    },
    {
      "title": "Document du CERTA CERTA-2008-AVI-002 du 04 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-002"
    },
    {
      "title": "Document du CERTA CERTA-2005-AVI-497 du 16 mars 2006 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2005-AVI-497"
    }
  ],
  "reference": "CERTA-2008-AVI-065",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans HP-UX ont \u00e9t\u00e9 d\u00e9couvertes et permettent \u00e0\nun individu malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP du 30 janvier 2008",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
    }
  ]
}

GSD-2007-4887

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4887

Aliases

CVE-2007-4887

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4887",
    "description": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability.",
    "id": "GSD-2007-4887",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-4887.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4887"
      ],
      "details": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability.",
      "id": "GSD-2007-4887",
      "modified": "2023-12-13T01:21:36.361380Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4887",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.php.net/ChangeLog-5.php#5.2.5",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
          },
          {
            "name": "3133",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3133"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1943",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1943"
          },
          {
            "name": "28750",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28750"
          },
          {
            "name": "GLSA-200710-02",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
          },
          {
            "name": "ADV-2008-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "oval:org.mitre.oval:def:5767",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
          },
          {
            "name": "30040",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30040"
          },
          {
            "name": "20070910 /* PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service errata ... working on windows too .. */",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
          },
          {
            "name": "ADV-2008-0398",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0398"
          },
          {
            "name": "http://www.php.net/releases/5_2_5.php",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/releases/5_2_5.php"
          },
          {
            "name": "27659",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27659"
          },
          {
            "name": "29420",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "SSRT080056",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
          },
          {
            "name": "20070910 PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
          },
          {
            "name": "HPSBUX02332",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307562",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "27102",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27102"
          },
          {
            "name": "SSRT080010",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
          },
          {
            "name": "26403",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26403"
          },
          {
            "name": "HPSBUX02308",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
          },
          {
            "name": "ADV-2007-3825",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3825"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4887"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.2.5",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
            },
            {
              "name": "http://www.php.net/releases/5_2_5.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/releases/5_2_5.php"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1943",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-1943"
            },
            {
              "name": "GLSA-200710-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
            },
            {
              "name": "26403",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26403"
            },
            {
              "name": "27102",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27102"
            },
            {
              "name": "27659",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27659"
            },
            {
              "name": "3133",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3133"
            },
            {
              "name": "28750",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28750"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "30040",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30040"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "ADV-2007-3825",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3825"
            },
            {
              "name": "ADV-2008-0398",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0398"
            },
            {
              "name": "SSRT080010",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
            },
            {
              "name": "oval:org.mitre.oval:def:5767",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
            },
            {
              "name": "SSRT080056",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
            },
            {
              "name": "20070910 /* PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service errata ... working on windows too .. */",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
            },
            {
              "name": "20070910 PHP \u003c=5.2.4 open_basedir bypass \u0026 code exec \u0026 denial of service",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:38Z",
      "publishedDate": "2007-09-14T00:17Z"
    }
  }
}

GHSA-FR5P-WXP2-3Q76

Vulnerability from github – Published: 2022-05-01 18:27 – Updated: 2022-05-01 18:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-09-14T00:17:00Z",
    "severity": "MODERATE"
  },
  "details": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability.",
  "id": "GHSA-fr5p-wxp2-3q76",
  "modified": "2022-05-01T18:27:48Z",
  "published": "2022-05-01T18:27:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4887"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1943"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27659"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28750"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30040"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3133"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/releases/5_2_5.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26403"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3825"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0398"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-4887

Vulnerability from fkie_nvd - Published: 2007-09-14 00:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
	cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
	cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
	cve@mitre.org	http://secunia.com/advisories/27102
	cve@mitre.org	http://secunia.com/advisories/27659
	cve@mitre.org	http://secunia.com/advisories/28750
	cve@mitre.org	http://secunia.com/advisories/29420
	cve@mitre.org	http://secunia.com/advisories/30040
	cve@mitre.org	http://securityreason.com/securityalert/3133
	cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
	cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
	cve@mitre.org	http://www.php.net/ChangeLog-5.php#5.2.5
	cve@mitre.org	http://www.php.net/releases/5_2_5.php
	cve@mitre.org	http://www.securityfocus.com/archive/1/478985/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/478988/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/491693/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/26403
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/3825
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/0398
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
	cve@mitre.org	https://issues.rpath.com/browse/RPL-1943
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767
	af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
	af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27102
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27659
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28750
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30040
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3133
	af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
	af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/ChangeLog-5.php#5.2.5
	af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/releases/5_2_5.php
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/478985/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/478988/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/491693/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26403
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3825
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0398
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
	af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1943
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767

Impacted products

	Vendor	Product	Version
	php	php	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B6B1C7-B7B8-495E-9FE5-FF39718DC64E",
              "versionEndIncluding": "5.2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n dl en PHP 5.2.4 y versiones anteriores permite a atacantes locales o remotos dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante una cadena larga en el par\u00e1metro library.\r\nNOTA. Existen escenarios de uso limitado bajo los cuales esto ser\u00eda una vulnerabilidad."
    }
  ],
  "id": "CVE-2007-4887",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-14T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27659"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28750"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30040"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3133"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/releases/5_2_5.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26403"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0398"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1943"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/releases/5_2_5.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/478985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/478988/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Because the argument passed to the dl() function are always under the control of the author, Mandriva does not consider this a security issue.",
      "lastModified": "2007-09-18T00:00:00",
      "organization": "Mandriva"
    },
    {
      "comment": "The argument passed to the dl() function must always be under the control of the script author.  We therefore do not consider this to be a security issue.\n",
      "lastModified": "2007-09-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4887 (GCVE-0-2007-4887)

CERTA-2008-AVI-148

Description

Solution

CERTA-2008-AVI-065

Description

Solution

GSD-2007-4887

GHSA-FR5P-WXP2-3Q76

FKIE_CVE-2007-4887

Tags

Sightings

Nomenclature