Vulnerability-Lookup

CVE-2007-1380 (GCVE-0-2007-1380)

Vulnerability from cvelistv5 – Published: 2007-03-10 05:00 – Updated: 2024-08-07 12:50

Summary

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/1991	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/25056	third-party-advisoryx_refsource_SECUNIA
	http://www.php-security.org/MOPB/MOPB-10-2007.html	x_refsource_MISC
	http://www.debian.org/security/2007/dsa-1283	vendor-advisoryx_refsource_DEBIAN
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/24606	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/24514	third-party-advisoryx_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://security.gentoo.org/glsa/glsa-200703-21.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/22805	vdb-entryx_refsource_BID
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/25062	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2374	vdb-entryx_refsource_VUPEN
	http://lists.suse.com/archive/suse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/25423	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-455-1	vendor-advisoryx_refsource_UBUNTU
	https://www.exploit-db.com/exploits/3413	exploitx_refsource_EXPLOIT-DB
	http://www.debian.org/security/2007/dsa-1282	vendor-advisoryx_refsource_DEBIAN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/25850	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25057	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/25025	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-1991",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1991"
          },
          {
            "name": "25056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25056"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
          },
          {
            "name": "DSA-1283",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1283"
          },
          {
            "name": "SSRT071423",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "24606",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24606"
          },
          {
            "name": "24514",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24514"
          },
          {
            "name": "HPSBTU02232",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "GLSA-200703-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
          },
          {
            "name": "22805",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22805"
          },
          {
            "name": "SSRT071429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "25062",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25062"
          },
          {
            "name": "ADV-2007-2374",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2374"
          },
          {
            "name": "SUSE-SA:2007:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
          },
          {
            "name": "25423",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25423"
          },
          {
            "name": "USN-455-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-455-1"
          },
          {
            "name": "3413",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/3413"
          },
          {
            "name": "DSA-1282",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1282"
          },
          {
            "name": "oval:org.mitre.oval:def:10792",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
          },
          {
            "name": "HPSBMA02215",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "25850",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25850"
          },
          {
            "name": "25057",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25057"
          },
          {
            "name": "SUSE-SA:2007:032",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
          },
          {
            "name": "25025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-05T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T04:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-1991",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1991"
        },
        {
          "name": "25056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25056"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
        },
        {
          "name": "DSA-1283",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1283"
        },
        {
          "name": "SSRT071423",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
        },
        {
          "name": "24606",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24606"
        },
        {
          "name": "24514",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24514"
        },
        {
          "name": "HPSBTU02232",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
        },
        {
          "name": "GLSA-200703-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
        },
        {
          "name": "22805",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22805"
        },
        {
          "name": "SSRT071429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
        },
        {
          "name": "25062",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25062"
        },
        {
          "name": "ADV-2007-2374",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2374"
        },
        {
          "name": "SUSE-SA:2007:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
        },
        {
          "name": "25423",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25423"
        },
        {
          "name": "USN-455-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-455-1"
        },
        {
          "name": "3413",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/3413"
        },
        {
          "name": "DSA-1282",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1282"
        },
        {
          "name": "oval:org.mitre.oval:def:10792",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
        },
        {
          "name": "HPSBMA02215",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
        },
        {
          "name": "25850",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25850"
        },
        {
          "name": "25057",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25057"
        },
        {
          "name": "SUSE-SA:2007:032",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
        },
        {
          "name": "25025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25025"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1380",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-1991",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1991"
            },
            {
              "name": "25056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25056"
            },
            {
              "name": "http://www.php-security.org/MOPB/MOPB-10-2007.html",
              "refsource": "MISC",
              "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
            },
            {
              "name": "DSA-1283",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1283"
            },
            {
              "name": "SSRT071423",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
            },
            {
              "name": "24606",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24606"
            },
            {
              "name": "24514",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24514"
            },
            {
              "name": "HPSBTU02232",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
            },
            {
              "name": "GLSA-200703-21",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
            },
            {
              "name": "22805",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22805"
            },
            {
              "name": "SSRT071429",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
            },
            {
              "name": "25062",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25062"
            },
            {
              "name": "ADV-2007-2374",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2374"
            },
            {
              "name": "SUSE-SA:2007:020",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
            },
            {
              "name": "25423",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25423"
            },
            {
              "name": "USN-455-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-455-1"
            },
            {
              "name": "3413",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/3413"
            },
            {
              "name": "DSA-1282",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1282"
            },
            {
              "name": "oval:org.mitre.oval:def:10792",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
            },
            {
              "name": "HPSBMA02215",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
            },
            {
              "name": "25850",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25850"
            },
            {
              "name": "25057",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25057"
            },
            {
              "name": "SUSE-SA:2007:032",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
            },
            {
              "name": "25025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25025"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1380",
    "datePublished": "2007-03-10T05:00:00.000Z",
    "dateReserved": "2007-03-09T05:00:00.000Z",
    "dateUpdated": "2024-08-07T12:50:35.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-144

Vulnerability from certfr_avis - Published: 2007-03-27 - Updated: 2007-03-27

Plusieurs vulnérabilités découvertes dans PHP (PHP : Hypertext Processor) permettent à un utilisateur distant malintentionné de réaliser de nombreuses actions malveillantes sur le système vulnérable.

Ces vulnérabilités peuvent être exploitées à distance afin de contourner la politique de sécurité, d'exécuter du code arbitraire, de provoquer un déni de service en consommant de façon excessive les ressources du processeur et de porter atteinte à la confidentialité et à l'intégrité des données du système présentes en mémoire.

Solution

Appliquer les mises à jour de sécurité PHP en passant à la version 4.4.5 ou 5.2.1 disponibles aux adresses suivantes :

http://www.php.net/releases/4_4_5.php

http://www.php.net/releases/5_2_1.php

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	PHP antérieur à la version 4.4.5 ;
	PHP	PHP	PHP antérieur à la version 5.2.1.

References

Title

Publication Time

Tags

Bulletin de sécurité Gentoo GLSA-200703-21 du 20 mars 2007	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2007:0076 du 19 février 2007 :	-	other
Bulletin de sécurité Debian DSA 1264 du 07 mars 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0089 du 26 février 2007 :	-	other
Bulletin de sécurité Ubuntu USN-431-1 du 07 mars 2007 :	-	other
Mise à jour de sécurité PHP version 4.4.5 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:048 du 22 février 2007 :	-	other
Bulletin de sécurité Avaya ASA-2007-0076 du 06 mars 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2007:020 du 15 mars 2007 :	-	other
Bulletin de sécurité Avaya ASA-2007-0088 du 26 mars 2007 :	-	other
Mise à jour de sécurité PHP version 5.2.1 :	-	other
Bulletin de sécurité Ubuntu USN-423-1 du 20 février 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0081 du 21 février 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP ant\u00e9rieur \u00e0 la version 4.4.5 ;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP ant\u00e9rieur \u00e0 la version 5.2.1.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nAppliquer les mises \u00e0 jour de s\u00e9curit\u00e9 PHP en passant \u00e0 la version 4.4.5\nou 5.2.1 disponibles aux adresses suivantes :\n\n    http://www.php.net/releases/4_4_5.php\n\n    http://www.php.net/releases/5_2_1.php\n\n  \n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0988"
    },
    {
      "name": "CVE-2007-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1380"
    },
    {
      "name": "CVE-2007-0905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0905"
    },
    {
      "name": "CVE-2007-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1452"
    },
    {
      "name": "CVE-2007-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1376"
    },
    {
      "name": "CVE-2007-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1375"
    },
    {
      "name": "CVE-2007-0907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0907"
    },
    {
      "name": "CVE-2007-0906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0906"
    },
    {
      "name": "CVE-2007-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1453"
    },
    {
      "name": "CVE-2007-0909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0909"
    },
    {
      "name": "CVE-2007-0910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0910"
    },
    {
      "name": "CVE-2007-0908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0908"
    },
    {
      "name": "CVE-2007-1383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1383"
    },
    {
      "name": "CVE-2007-1454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1454"
    },
    {
      "name": "CVE-2007-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1286"
    }
  ],
  "initial_release_date": "2007-03-27T00:00:00",
  "last_revision_date": "2007-03-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0076 du 19 f\u00e9vrier    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0076.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1264 du 07 mars 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1264"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0089 du 26 f\u00e9vrier    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0089.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-431-1 du 07 mars 2007 :",
      "url": "http://www.ubuntulinux.org/usn/usn-431-1"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 PHP version 4.4.5 :",
      "url": "http://www.php.net/releases/4_4_5.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:048 du 22 f\u00e9vrier    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:048"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-0076 du 06 mars 2007 :",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-0076.htm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:020 du 15 mars 2007    :",
      "url": "http://lists.suse.com/archive/archive/suse-security-announce/2007-Mar/0003.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-0088 du 26 mars 2007 :",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-0088.htm"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 PHP version 5.2.1 :",
      "url": "http://www.php.net/releases/5_2_1.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-423-1 du 20 f\u00e9vrier 2007 :",
      "url": "http://www.ubuntulinux.org/usn/usn-423-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0081 du 21 f\u00e9vrier    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0081.html"
    }
  ],
  "reference": "CERTA-2007-AVI-144",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans PHP (PHP : Hypertext\nProcessor) permettent \u00e0 un utilisateur distant malintentionn\u00e9 de\nr\u00e9aliser de nombreuses actions malveillantes sur le syst\u00e8me vuln\u00e9rable.\n\n  \n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es \u00e0 distance afin de contourner\nla politique de s\u00e9curit\u00e9, d\u0027ex\u00e9cuter du code arbitraire, de provoquer un\nd\u00e9ni de service en consommant de fa\u00e7on excessive les ressources du\nprocesseur et de porter atteinte \u00e0 la confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es du syst\u00e8me pr\u00e9sentes en m\u00e9moire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200703-21 du 20 mars 2007",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml"
    }
  ]
}

CERTA-2007-AVI-201

Vulnerability from certfr_avis - Published: 2007-05-07 - Updated: 2007-05-29

Plusieurs vulnérabilités avaient été identifiées à l'occasion du MoPB (le Month Of PHP Bugs). L'exploitation de ces dernières peut avoir divers impacts sur le serveur vulnérable. Les mises à jour récentes de PHP corrigent la plupart de ces vulnérabilités.

Description

Plusieurs vulnérabilités avaient été identifiées en mars 2007 à l'occasion du MoPB (le Month Of PHP Bugs). A cette occasion, le CERTA a publié dans son bulletin d'actualité CERTA-2007-ACT-012 une revue des plus importantes d'entre elles. Les conséquences de l'exploitation de ces dernières sont diverses, pouvant être un dysfonctionnement du serveur vulnérable ou l'exécution de code arbitraire sur celui-ci.

Solution

Se référer aux bulletins de sécurité des différents éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	PHP 5, pour les versions antérieures à 5.2.2.
	PHP	PHP	PHP 4, pour les versions antérieures à 4.4.7 ;

References

Title

Publication Time

Tags

Bulletins des mises à jour PHP du 03 mai 2007	None	vendor-advisory
Mise à jour de sécurité Fedora Core 6 du 18 avril 2007 :	-	other
Bulletin de sécurité Ubuntu USN-455-1 du 27 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:090 du 18 avril 2007 :	-	other
Site de téléchargement des dernières versions PHP :	-	other
Note de changement de version pour PHP 4 version 4.4.7 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:087 du 18 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:091 du 18 avril 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200705-19 du 26 mai 2007 :	-	other
Bulletin d'actualité CERTA-2007-ACT-012 du 23 mars 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2007:032 du 23 mai 2007 :	-	other
Note de changement de version pour PHP 5 version 5.2.2 :	-	other
Bulletin de sécurité Debian DSA 1283-1 du 29 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:089 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0155 du 16 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:088 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0153 du 20 avril 2007 :	-	other
Bulletin de sécurité Debian DSA 1282-1 du 26 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 5, pour les versions ant\u00e9rieures \u00e0 5.2.2.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 4, pour les versions ant\u00e9rieures \u00e0 4.4.7 ;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es en mars 2007 \u00e0\nl\u0027occasion du MoPB (le Month Of PHP Bugs). A cette occasion, le CERTA a\npubli\u00e9 dans son bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 une revue des\nplus importantes d\u0027entre elles. Les cons\u00e9quences de l\u0027exploitation de\nces derni\u00e8res sont diverses, pouvant \u00eatre un dysfonctionnement du\nserveur vuln\u00e9rable ou l\u0027ex\u00e9cution de code arbitraire sur celui-ci.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-1889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1889"
    },
    {
      "name": "CVE-2007-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1380"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1900"
    },
    {
      "name": "CVE-2007-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1718"
    },
    {
      "name": "CVE-2007-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1887"
    },
    {
      "name": "CVE-2007-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1376"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1375"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0455"
    },
    {
      "name": "CVE-2007-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1700"
    },
    {
      "name": "CVE-2007-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1453"
    },
    {
      "name": "CVE-2007-1824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1824"
    },
    {
      "name": "CVE-2007-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1777"
    },
    {
      "name": "CVE-2007-1454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1454"
    },
    {
      "name": "CVE-2007-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1286"
    }
  ],
  "initial_release_date": "2007-05-07T00:00:00",
  "last_revision_date": "2007-05-29T00:00:00",
  "links": [
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 6 du 18 avril 2007 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-455-1 du 27 avril 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:090 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:090"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement des derni\u00e8res versions PHP :",
      "url": "http://fr2.php.net/downloads.php"
    },
    {
      "title": "Note de changement de version pour PHP 4 version 4.4.7 :",
      "url": "http://www.php.net/ChangeLog-4.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:087 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:087"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:091 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:091"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200705-19 du 26 mai 2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 du 23 mars 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-012.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:032 du 23 mai 2007 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html"
    },
    {
      "title": "Note de changement de version pour PHP 5 version 5.2.2 :",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1283-1 du 29 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1283-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:089 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:089"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0155 du 16 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:088 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:088"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0153 du 20 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0153.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1282-1 du 26 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1282-1"
    }
  ],
  "reference": "CERTA-2007-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-07T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u0155ences aux bulletins de s\u00e9curit\u00e9 Gentoo, SuSE, Mandriva, Red Hat.",
      "revision_date": "2007-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es \u00e0 l\u0027occasion du MoPB\n(le \u003cspan class=\"textit\"\u003eMonth Of PHP Bugs\u003c/span\u003e). L\u0027exploitation de\nces derni\u00e8res peut avoir divers impacts sur le serveur vuln\u00e9rable. Les\nmises \u00e0 jour r\u00e9centes de PHP corrigent la plupart de ces vuln\u00e9rabilit\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins des mises \u00e0 jour PHP du 03 mai 2007",
      "url": null
    }
  ]
}

GSD-2007-1380

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1380

Aliases

CVE-2007-1380

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1380",
    "description": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.",
    "id": "GSD-2007-1380",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-1380.html",
      "https://www.debian.org/security/2007/dsa-1283",
      "https://www.debian.org/security/2007/dsa-1282",
      "https://access.redhat.com/errata/RHSA-2007:0089",
      "https://access.redhat.com/errata/RHSA-2007:0088",
      "https://access.redhat.com/errata/RHSA-2007:0082",
      "https://access.redhat.com/errata/RHSA-2007:0081",
      "https://access.redhat.com/errata/RHSA-2007:0076",
      "https://linux.oracle.com/cve/CVE-2007-1380.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1380"
      ],
      "details": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.",
      "id": "GSD-2007-1380",
      "modified": "2023-12-13T01:21:40.036820Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1380",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-1991",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1991"
          },
          {
            "name": "25056",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25056"
          },
          {
            "name": "http://www.php-security.org/MOPB/MOPB-10-2007.html",
            "refsource": "MISC",
            "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
          },
          {
            "name": "DSA-1283",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1283"
          },
          {
            "name": "SSRT071423",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "24606",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24606"
          },
          {
            "name": "24514",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24514"
          },
          {
            "name": "HPSBTU02232",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "GLSA-200703-21",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
          },
          {
            "name": "22805",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22805"
          },
          {
            "name": "SSRT071429",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
          },
          {
            "name": "25062",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25062"
          },
          {
            "name": "ADV-2007-2374",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2374"
          },
          {
            "name": "SUSE-SA:2007:020",
            "refsource": "SUSE",
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
          },
          {
            "name": "25423",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25423"
          },
          {
            "name": "USN-455-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-455-1"
          },
          {
            "name": "3413",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/3413"
          },
          {
            "name": "DSA-1282",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1282"
          },
          {
            "name": "oval:org.mitre.oval:def:10792",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
          },
          {
            "name": "HPSBMA02215",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
          },
          {
            "name": "25850",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25850"
          },
          {
            "name": "25057",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25057"
          },
          {
            "name": "SUSE-SA:2007:032",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
          },
          {
            "name": "25025",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25025"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1380"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.php-security.org/MOPB/MOPB-10-2007.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
            },
            {
              "name": "GLSA-200703-21",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
            },
            {
              "name": "SUSE-SA:2007:020",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
            },
            {
              "name": "22805",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22805"
            },
            {
              "name": "24514",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24514"
            },
            {
              "name": "24606",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24606"
            },
            {
              "name": "DSA-1282",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1282"
            },
            {
              "name": "DSA-1283",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1283"
            },
            {
              "name": "USN-455-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-455-1"
            },
            {
              "name": "25025",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25025"
            },
            {
              "name": "25062",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25062"
            },
            {
              "name": "25057",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25057"
            },
            {
              "name": "SUSE-SA:2007:032",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
            },
            {
              "name": "25056",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25056"
            },
            {
              "name": "25423",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25423"
            },
            {
              "name": "25850",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25850"
            },
            {
              "name": "ADV-2007-2374",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2374"
            },
            {
              "name": "ADV-2007-1991",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1991"
            },
            {
              "name": "HPSBTU02232",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
            },
            {
              "name": "SSRT071423",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
            },
            {
              "name": "3413",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/3413"
            },
            {
              "name": "oval:org.mitre.oval:def:10792",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2007-03-10T00:19Z"
    }
  }
}

GHSA-599V-CG8R-98QV

Vulnerability from github – Published: 2022-05-01 17:52 – Updated: 2022-05-01 17:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1380"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-10T00:19:00Z",
    "severity": "MODERATE"
  },
  "details": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.",
  "id": "GHSA-599v-cg8r-98qv",
  "modified": "2022-05-01T17:52:58Z",
  "published": "2022-05-01T17:52:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1380"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/3413"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
    },
    {
      "type": "WEB",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24514"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24606"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25025"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25056"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25057"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25423"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25850"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1282"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
    },
    {
      "type": "WEB",
      "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22805"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1991"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2374"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-1380

Vulnerability from fkie_nvd - Published: 2007-03-10 00:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
cve@mitre.org	http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
cve@mitre.org	http://secunia.com/advisories/24514
cve@mitre.org	http://secunia.com/advisories/24606
cve@mitre.org	http://secunia.com/advisories/25025
cve@mitre.org	http://secunia.com/advisories/25056
cve@mitre.org	http://secunia.com/advisories/25057
cve@mitre.org	http://secunia.com/advisories/25062
cve@mitre.org	http://secunia.com/advisories/25423
cve@mitre.org	http://secunia.com/advisories/25850
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200703-21.xml
cve@mitre.org	http://www.debian.org/security/2007/dsa-1282
cve@mitre.org	http://www.debian.org/security/2007/dsa-1283
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_32_php.html
cve@mitre.org	http://www.php-security.org/MOPB/MOPB-10-2007.html	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/22805
cve@mitre.org	http://www.ubuntu.com/usn/usn-455-1
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1991
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2374
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792
cve@mitre.org	https://www.exploit-db.com/exploits/3413
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
af854a3a-2127-422b-91ae-364da2661108	http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24514
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24606
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25025
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25056
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25057
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25062
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25423
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25850
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200703-21.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1282
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1283
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_32_php.html
af854a3a-2127-422b-91ae-364da2661108	http://www.php-security.org/MOPB/MOPB-10-2007.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22805
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-455-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1991
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2374
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/3413

Impacted products

Vendor	Product	Version
php	php	4.0
php	php	4.0
php	php	4.0
php	php	4.0
php	php	4.0
php	php	4.0
php	php	4.0
php	php	4.0
php	php	4.0.0
php	php	4.0.1
php	php	4.0.1
php	php	4.0.1
php	php	4.0.2
php	php	4.0.3
php	php	4.0.3
php	php	4.0.4
php	php	4.0.4
php	php	4.0.5
php	php	4.0.6
php	php	4.0.7
php	php	4.0.7
php	php	4.0.7
php	php	4.0.7
php	php	4.1.0
php	php	4.1.1
php	php	4.1.2
php	php	4.2
php	php	4.2.0
php	php	4.2.1
php	php	4.2.2
php	php	4.2.3
php	php	4.3.0
php	php	4.3.1
php	php	4.3.2
php	php	4.3.3
php	php	4.3.4
php	php	4.3.5
php	php	4.3.6
php	php	4.3.7
php	php	4.3.8
php	php	4.3.9
php	php	4.3.10
php	php	4.3.11
php	php	4.4.0
php	php	4.4.1
php	php	4.4.2
php	php	4.4.3
php	php	4.4.4
php	php	5.0
php	php	5.0
php	php	5.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "AEEF2298-98E8-409F-9205-84817CEF947B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6AFC00BA-D64D-4407-AC69-FDD9FF013943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D80F2A8B-B57F-4970-867A-55E8187C1502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "EF4E0EFE-4FF6-4E8F-8EC5-68B059FC0C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "49965B80-DC27-4864-BDF0-CBBFF16BFD80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8212495A-0F2A-4787-93F2-F6618F9A777B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C6F0F8FC-C57A-4AEA-A59F-41140347318A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF57C14-86B6-419A-BAFF-93D01CB1E081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "419867C6-37BE-43B4-BFE0-6325FEE3807D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "37896E87-95C2-4039-8362-BC03B1C56706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "8667FBC6-04B6-40E5-93B3-6C22BEED4B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "9B8B3138-3DCC-4682-B9A8-920E1110700D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC6A6F47-5C7C-4F82-B23B-9C959C69B27F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "AE1A4DA6-6181-43A8-B0D8-5A016C3E75FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "6E36203C-1392-49BB-AE7E-49626963D673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*",
              "matchCriteriaId": "BBA861A2-F0CD-4DBB-B43A-4970EB114DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B7BA75-2A32-4A8E-ADF8-BCB4FC48CB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEA491B-77FD-4760-8F6F-3EBC6BD810D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB25CFBB-347C-479E-8853-F49DD6CBD7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D2937B3-D034-400E-84F5-33833CE3764D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "71AEE8B4-FCF8-483B-8D4C-2E80A02E925E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3797AB5-9E49-4251-A212-B6E5D9996764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read."
    },
    {
      "lang": "es",
      "value": "El manejador de serializaci\u00f3n php_binary en la extensi\u00f3n de sesi\u00f3n de PHP anterior a 4.4.5, y 5.x anterior a 5.2.1, permite a atacantes dependientes del contexto obtener informaci\u00f3n sensible (contenidos de memoria) a trav\u00e9s de entradas de variables serializables con un valor length, lo cual dispara un desbordamiento de b\u00fafer de lectura."
    }
  ],
  "id": "CVE-2007-1380",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-10T00:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24514"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24606"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25025"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25056"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25850"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22805"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1991"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2374"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/3413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01056506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01086137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/MOPB/MOPB-10-2007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/3413"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Our previous fixes for CVE-2007-0906 included a patch that also addressed the issue now given CVE name CVE-2007-1380.  For a full list of versions that contained a fix for this issue please see: https://rhn.redhat.com/cve/CVE-2007-1380.html",
      "lastModified": "2007-05-11T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1380 (GCVE-0-2007-1380)

CERTA-2007-AVI-144

Solution

CERTA-2007-AVI-201

Description

Solution

GSD-2007-1380

GHSA-599V-CG8R-98QV

FKIE_CVE-2007-1380

Tags

Sightings

Nomenclature