Vulnerability Name:

CVE-2007-4782 (CCN-36457)

Assigned:2007-09-04
Published:2007-09-04
Updated:2018-10-15
Summary:PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value.
Note: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-94
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Tue Sep 04 2007 - 16:19:51 CDT
PHP < 5.2.3 fnmatch() denial of service

Source: MITRE
Type: CNA
CVE-2007-4782

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:004

Source: OSVDB
Type: UNKNOWN
38686

Source: CCN
Type: RHSA-2008-0505
Moderate: Red Hat Application Stack v2.1 security and enhancement update

Source: CCN
Type: RHSA-2008-0544
Moderate: php security update

Source: CCN
Type: RHSA-2008-0545
Moderate: php security and bug fix update

Source: CCN
Type: RHSA-2008-0582
Moderate: php security update

Source: SECUNIA
Type: UNKNOWN
27102

Source: SECUNIA
Type: UNKNOWN
28658

Source: SECUNIA
Type: UNKNOWN
30828

Source: SECUNIA
Type: UNKNOWN
31119

Source: SECUNIA
Type: UNKNOWN
31200

Source: SREASON
Type: UNKNOWN
3109

Source: CCN
Type: ASA-2008-313
php security update (RHSA-2008-0544)

Source: CCN
Type: ASA-2008-320
php security and bug fix update (RHSA-2008-0545)

Source: CCN
Type: ASA-2008-326
php security update (RHSA-2008-0582)

Source: CCN
Type: GLSA-200710-02
PHP: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200710-02

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:022

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:023

Source: CCN
Type: OSVDB ID: 38686
PHP glibc Implementation fnmatch() Function Overflow

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0505

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0544

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0545

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0582

Source: BUGTRAQ
Type: UNKNOWN
20070904 PHP < 5.2.3 glob() denial of service

Source: BUGTRAQ
Type: UNKNOWN
20070904 PHP < 5.2.3 fnmatch() denial of service

Source: BUGTRAQ
Type: Exploit
20070905 PHP < 5.2.3 glob() denial of service

Source: CCN
Type: TLSA-2009-2
Multiple vulnerabilities exist in php

Source: CCN
Type: USN-628-1
PHP vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-628-1

Source: XF
Type: UNKNOWN
php-fnmatch-dos(36457)

Source: XF
Type: UNKNOWN
php-fnmatch-dos(36457)

Source: XF
Type: UNKNOWN
php-globfunction-dos(36461)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10897

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-3864

Source: SUSE
Type: SUSE-SA:2008:004
php5 php4 Security Problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.2.3)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-4782 (CCN-36461)

    Assigned:2007-09-04
    Published:2007-09-04
    Updated:2018-10-15
    Summary:PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value.
    Note: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Type:CWE-94
    Vulnerability Consequences:Denial of Service
    References:Source: CCN
    Type: BugTraq Mailing List, Tue Sep 04 2007 - 16:05:51 CDT
    PHP < 5.2.3 glob() denial of service

    Source: MITRE
    Type: CNA
    CVE-2007-4782

    Source: CCN
    Type: RHSA-2008-0505
    Moderate: Red Hat Application Stack v2.1 security and enhancement update

    Source: CCN
    Type: RHSA-2008-0544
    Moderate: php security update

    Source: CCN
    Type: RHSA-2008-0545
    Moderate: php security and bug fix update

    Source: CCN
    Type: RHSA-2008-0582
    Moderate: php security update

    Source: CCN
    Type: ASA-2008-313
    php security update (RHSA-2008-0544)

    Source: CCN
    Type: ASA-2008-320
    php security and bug fix update (RHSA-2008-0545)

    Source: CCN
    Type: ASA-2008-326
    php security update (RHSA-2008-0582)

    Source: CCN
    Type: GLSA-200710-02
    PHP: Multiple vulnerabilities

    Source: CCN
    Type: OSVDB ID: 38686
    PHP glibc Implementation fnmatch() Function Overflow

    Source: CCN
    Type: PHP Web site
    PHP: Hypertext Preprocessor

    Source: CCN
    Type: TLSA-2009-2
    Multiple vulnerabilities exist in php

    Source: CCN
    Type: USN-628-1
    PHP vulnerabilities

    Source: XF
    Type: UNKNOWN
    php-globfunction-dos(36461)

    Source: SUSE
    Type: SUSE-SA:2008:004
    php5 php4 Security Problems

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20074782
    V
    		CVE-2007-4782
    2015-11-16
    oval:org.mitre.oval:def:29150
    P
    		RHSA-2008:0544 -- php security update (Moderate)
    2015-08-17
    oval:org.mitre.oval:def:17737
    P
    		USN-628-1 -- php5 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:22394
    P
    		ELSA-2008:0544: php security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:10897
    V
    		PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
    2013-04-29
    oval:com.redhat.rhsa:def:20080544
    P
    		RHSA-2008:0544: php security update (Moderate)
    2008-07-16
    oval:com.redhat.rhsa:def:20080545
    P
    		RHSA-2008:0545: php security and bug fix update (Moderate)
    2008-07-16
    BACK
    php php *
    php php 5.0.3 -
    php php 5.0.4 -
    php php 5.0.0 -
    php php 5.0.5 -
    php php 5.1.1
    php php 5.1.2 -
    php php 5.1.4
    php php 5.0.2 -
    php php 5.1.6
    php php 5.2.0
    php php 5.2.1 -
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1 -
    php php 5.1.0 -
    php php 5.1.3
    php php 5.1.5 -
    php php 5.2.2 -
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    canonical ubuntu 6.06
    novell suse linux enterprise server 10
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    suse novell linux pos 9
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux multimedia *
    turbolinux turbolinux appliance server 1.0_hosting_edition
    turbolinux turbolinux appliance server 1.0_workgroup_edition
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    canonical ubuntu 7.04
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    redhat rhel application stack 2
    redhat enterprise linux 4.6.z ga
    redhat enterprise linux 4.6.z ga
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3
    canonical ubuntu 8.04