Vulnerability CVE-2007-6039 - CERT Civis.Net

Vulnerability Name:

CVE-2007-6039 (CCN-38443)

Assigned:

2007-11-13

Published:

2007-11-13

Updated:

2018-10-15

Summary:

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function.
Note: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Tue Nov 13 2007 - 13:03:45 CST
PHP <= 5.2.5 Gettext Lib Multiple Denial of service

Source: MITRE
Type: CNA
CVE-2007-6039

Source: SREASON
Type: UNKNOWN
3365

Source: SREASON
Type: UNKNOWN
3366

Source: CCN
Type: OSVDB ID: 45304
PHP stream_wrapper_register() Function classname Parameter Remote DoS

Source: CCN
Type: OSVDB ID: 45305
PHP Multiple *gettext Functions DoS

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: BUGTRAQ
Type: UNKNOWN
20071113 PHP <= 5.2.5 stream_wrapper_register() denial of service

Source: BUGTRAQ
Type: UNKNOWN
20071113 PHP <= 5.2.5 Gettext Lib Multiple Denial of service

Source: BID
Type: UNKNOWN
26426

Source: CCN
Type: BID-26426
PHP stream_wrapper_register() Function Denial of Service Vulnerability

Source: BID
Type: UNKNOWN
26428

Source: CCN
Type: BID-26428
PHP Multiple GetText Functions Denial Of Service Vulnerabilities

Source: XF
Type: UNKNOWN
php-streamwrapperregister-dos(38442)

Source: XF
Type: UNKNOWN
php-multiple-gettext-dos(38443)

Source: XF
Type: UNKNOWN
php-multiple-gettext-dos(38443)

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.2.4)

Configuration CCN 1:

cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

Denotes that component is vulnerable