| Revision Date: | 2013-04-29 | Version: | 12 | | Title: | PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | | Description: | PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. | | Family: | unix | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2007-4782
| | Platform(s): | CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
| Product(s): | | | Definition Synopsis | | OS Section: RHEL3, CentOS3 RHEL3 or CentOS3
The operating system installed on the system is Red Hat Enterprise Linux 3
OR CentOS Linux 3.x
AND Configuration section
php is earlier than 0:4.3.2-48.ent
OR php-pgsql is earlier than 0:4.3.2-48.ent
OR php-mysql is earlier than 0:4.3.2-48.ent
OR php-ldap is earlier than 0:4.3.2-48.ent
OR php-imap is earlier than 0:4.3.2-48.ent
OR php-odbc is earlier than 0:4.3.2-48.ent
OR php-devel is earlier than 0:4.3.2-48.ent
OR OS Section: RHEL4, CentOS4, Oracle Linux 4
RHEL4, CentOS4 or Oracle Linux 4
The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND Configuration section
php-xmlrpc is earlier than 0:4.3.9-3.22.12
OR php-snmp is earlier than 0:4.3.9-3.22.12
OR php-domxml is earlier than 0:4.3.9-3.22.12
OR php-mysql is earlier than 0:4.3.9-3.22.12
OR php-imap is earlier than 0:4.3.9-3.22.12
OR php-gd is earlier than 0:4.3.9-3.22.12
OR php is earlier than 0:4.3.9-3.22.12
OR php-mbstring is earlier than 0:4.3.9-3.22.12
OR php-pgsql is earlier than 0:4.3.9-3.22.12
OR php-pear is earlier than 0:4.3.9-3.22.12
OR php-ldap is earlier than 0:4.3.9-3.22.12
OR php-odbc is earlier than 0:4.3.9-3.22.12
OR php-ncurses is earlier than 0:4.3.9-3.22.12
OR php-devel is earlier than 0:4.3.9-3.22.12
OR OS Section: RHEL5, CentOS5, Oracle Linux 5
RHEL5, CentOS5 or Oracle Linux 5
The operating system installed on the system is Red Hat Enterprise Linux 5
OR The operating system installed on the system is CentOS Linux 5.x
OR Oracle Linux 5.x
AND Configuration section
php-bcmath is earlier than 0:5.1.6-20.el5_2.1
OR php-soap is earlier than 0:5.1.6-20.el5_2.1
OR php-common is earlier than 0:5.1.6-20.el5_2.1
OR php-mysql is earlier than 0:5.1.6-20.el5_2.1
OR php-imap is earlier than 0:5.1.6-20.el5_2.1
OR php-gd is earlier than 0:5.1.6-20.el5_2.1
OR php is earlier than 0:5.1.6-20.el5_2.1
OR php-mbstring is earlier than 0:5.1.6-20.el5_2.1
OR php-pgsql is earlier than 0:5.1.6-20.el5_2.1
OR php-xml is earlier than 0:5.1.6-20.el5_2.1
OR php-ldap is earlier than 0:5.1.6-20.el5_2.1
OR php-odbc is earlier than 0:5.1.6-20.el5_2.1
OR php-ncurses is earlier than 0:5.1.6-20.el5_2.1
OR php-devel is earlier than 0:5.1.6-20.el5_2.1
OR php-xmlrpc is earlier than 0:5.1.6-20.el5_2.1
OR php-snmp is earlier than 0:5.1.6-20.el5_2.1
OR php-pdo is earlier than 0:5.1.6-20.el5_2.1
OR php-dba is earlier than 0:5.1.6-20.el5_2.1
OR php-cli is earlier than 0:5.1.6-20.el5_2.1
|
|