| Vulnerability Name: | CVE-2007-1711 (CCN-33575) | ||||||||||||||||||||||||||||
| Assigned: | 2007-03-25 | ||||||||||||||||||||||||||||
| Published: | 2007-03-25 | ||||||||||||||||||||||||||||
| Updated: | 2018-10-16 | ||||||||||||||||||||||||||||
| Summary: | Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. Note: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007). | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2007-1711 Source: CCN Type: Apple Security Update 2007-007 About Security Update 2007-007 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=306172 Source: CCN Type: Apple Web site Apple security updates Source: APPLE Type: UNKNOWN APPLE-SA-2007-07-31 Source: CCN Type: RHSA-2007-0154 Important: php security update Source: REDHAT Type: UNKNOWN RHSA-2007:0154 Source: CCN Type: RHSA-2007-0155 Important: php security update Source: REDHAT Type: UNKNOWN RHSA-2007:0155 Source: CCN Type: RHSA-2007-0163 Important: php security update for Stronghold Source: REDHAT Type: UNKNOWN RHSA-2007:0163 Source: SECUNIA Type: UNKNOWN 24910 Source: SECUNIA Type: UNKNOWN 24924 Source: SECUNIA Type: UNKNOWN 24941 Source: SECUNIA Type: UNKNOWN 24945 Source: SECUNIA Type: UNKNOWN 25025 Source: SECUNIA Type: UNKNOWN 25062 Source: SECUNIA Type: UNKNOWN 25445 Source: CCN Type: SA26235 Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 26235 Source: GENTOO Type: UNKNOWN GLSA-200705-19 Source: CCN Type: ASA-2007-195 php security update (RHSA-2007-0154) Source: CCN Type: ASA-2007-196 php security update (RHSA-2007-0155) Source: DEBIAN Type: UNKNOWN DSA-1282 Source: DEBIAN Type: UNKNOWN DSA-1283 Source: DEBIAN Type: DSA-1282 php4 -- several vulnerabilities Source: DEBIAN Type: DSA-1283 php5 -- several vulnerabilities Source: CCN Type: GLSA-200705-19 PHP: Multiple vulnerabilities Source: MANDRIVA Type: UNKNOWN MDKSA-2007:087 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:088 Source: CCN Type: MOPB-32-2007 PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability Source: MISC Type: UNKNOWN http://www.php-security.org/MOPB/MOPB-32-2007.html Source: CCN Type: PHP Web site PHP: Hypertext Preprocessor Source: BUGTRAQ Type: UNKNOWN 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql Source: BID Type: UNKNOWN 23121 Source: CCN Type: BID-23121 PHP Session_Decode Double Free Memory Corruption Vulnerability Source: BID Type: UNKNOWN 25159 Source: CCN Type: BID-25159 Apple Mac OS X 2007-007 Multiple Security Vulnerabilities Source: CCN Type: TLSA-2007-29 Multiple vulnerabilities in php Source: VUPEN Type: UNKNOWN ADV-2007-2732 Source: XF Type: UNKNOWN php-deserializer-code-execution(33575) Source: XF Type: UNKNOWN php-deserializer-code-execution(33575) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1268 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10406 | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||