| Vulnerability Name: | CVE-2007-1649 (CCN-33170) |
| Assigned: | 2007-03-23 |
| Published: | 2007-03-23 |
| Updated: | 2017-07-29 |
| Summary: | PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. |
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) |
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N); 6.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:POC/RL:OF/RC:C); 6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:POC/RL:OF/RC:C) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE Type: CNA CVE-2007-1649; Source: CCN Type: SA24630 PHP "unserialize()" and "str_replace()" Vulnerabilities; Source: SECUNIA Type: UNKNOWN 24630; Source: CONFIRM Type: UNKNOWN http://us2.php.net/releases/5_2_2.php; Source: MANDRIVA Type: UNKNOWN MDVSA-2008:126; Source: CCN Type: OSVDB ID: 33943 PHP unserialize() S: Data Type Arbitrary Memory Disclosure; Source: CCN Type: MOPB-29-2007 PHP 5.2.1 unserialize() Information Leak Vulnerability; Source: MISC Type: Exploit http://www.php-security.org/MOPB/MOPB-29-2007.html; Source: CCN Type: PHP Web site PHP: Hypertext Preprocessor; Source: CCN Type: The PHP Group Web site PHP 5.2.2 Release Announcement; Source: BID Type: UNKNOWN 23105; Source: CCN Type: BID-23105 PHP S Data Type Serialization Format Heap Information Leak Vulnerability; Source: XF Type: UNKNOWN php-unserialize-information-disclosure(33170) |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |