| Vulnerability Name: | CVE-2007-4784 (CCN-36458) | ||||||||
| Assigned: | 2007-09-04 | ||||||||
| Published: | 2007-09-04 | ||||||||
| Updated: | 2018-10-15 | ||||||||
| Summary: | The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. Note: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Sep 04 2007 - 16:09:56 CDT PHP < 5.2.4 setlocale() denial of service Source: MITRE Type: CNA CVE-2007-4784 Source: SUSE Type: UNKNOWN SUSE-SA:2008:004 Source: OSVDB Type: UNKNOWN 38687 Source: SECUNIA Type: UNKNOWN 27102 Source: SECUNIA Type: UNKNOWN 28658 Source: SREASON Type: UNKNOWN 3114 Source: CCN Type: GLSA-200710-02 PHP: Multiple vulnerabilities Source: GENTOO Type: UNKNOWN GLSA-200710-02 Source: CCN Type: OSVDB ID: 38687 PHP glibc Implementation setlocale() Function Overflow Source: CCN Type: PHP Web site PHP: Hypertext Preprocessor Source: BUGTRAQ Type: UNKNOWN 20070904 PHP < 5.2.4 setlocale() denial of service Source: XF Type: UNKNOWN php-setlocale-dos(36458) Source: XF Type: UNKNOWN php-setlocale-dos(36458) Source: SUSE Type: SUSE-SA:2008:004 php5 php4 Security Problems | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||