Vulnerability Name: | CVE-2007-1701 (CCN-33658) |
Assigned: | 2007-02-14 |
Published: | 2007-02-14 |
Updated: | 2019-10-09 |
Summary: | PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". |
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
Exploitability Metrics: | Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P); 5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
| 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P); 3.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
Vulnerability Type: | CWE-502 |
Vulnerability Consequences: | Gain Privileges |
References: | Source: MITRE Type: CNA CVE-2007-1701
Source: HP Type: Broken Link SSRT071423
Source: HP Type: Broken Link HPSBTU02232
Source: CCN Type: HP Security Bulletin HPSBTU02232 SSRT071429 Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)
Source: CCN Type: RHSA-2007-0076 Important: php security update
Source: CCN Type: RHSA-2007-0081 Important: php security update
Source: CCN Type: RHSA-2007-0082 Important: php security update
Source: CCN Type: RHSA-2007-0088 Important: php security update
Source: CCN Type: RHSA-2007-0089 Important: php security update for Stronghold
Source: CCN Type: SA25423 HP System Management Homepage PHP Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 25423
Source: SECUNIA Type: Third Party Advisory 25445
Source: CCN Type: SA25850 HP Secure Web Server/Internet Express for Tru64 UNIX PHP Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 25850
Source: GENTOO Type: Third Party Advisory GLSA-200705-19
Source: CCN Type: GLSA-200705-19 PHP: Multiple vulnerabilities
Source: CCN Type: MOPB-31-2007 PHP _SESSION Deserialization Overwrite Vulnerability
Source: MISC Type: Third Party Advisory http://www.php-security.org/MOPB/MOPB-31-2007.html
Source: CCN Type: PHP Web site PHP: Hypertext Preprocessor
Source: BID Type: Third Party Advisory, VDB Entry 23120
Source: CCN Type: BID-23120 PHP Session Data Deserialization Arbitrary Code Execution Vulnerability
Source: VUPEN Type: Third Party Advisory ADV-2007-1991
Source: VUPEN Type: Third Party Advisory ADV-2007-2374
Source: XF Type: Third Party Advisory, VDB Entry php-sessiondecode-code-execution(33658)
Source: XF Type: UNKNOWN php-sessiondecode-code-execution(33658)
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:11034
|
Vulnerable Configuration: |
Configuration 1: cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.4.5) OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.2.1)
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
Configuration CCN 1: cpe:/a:php:php:4.0.5:-:*:*:*:*:*:* OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:* OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:* OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:* OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:* OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:* OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:* OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:* OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:* OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:* OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:* OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:* OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:* OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:* OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:* OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:* OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:* OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:* OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:* OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:* OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:* OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:* OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:* OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:* OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:* OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:* OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:* OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:* OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:* OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:* OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:* OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:* OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:* OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:* OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:* OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:* OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:* OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:* OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:* OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:* OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:* OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:* OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:* OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:* OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:* OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:* OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:* OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:* AND cpe:/a:redhat:stronghold:-:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
Oval Definitions |
Definition ID | Class | Title | Last Modified |
---|---|---|---|
oval:org.mitre.oval:def:22487 | P | ELSA-2007:0082: php security update (Important) | 2014-05-26 |
oval:org.mitre.oval:def:11034 | V | PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION\|s:39:". | 2013-04-29 |
oval:com.redhat.rhsa:def:20070076 | P | RHSA-2007:0076: php security update (Important) | 2008-03-20 |
oval:com.redhat.rhsa:def:20070082 | P | RHSA-2007:0082: php security update (Important) | 2008-03-20 |