Multiple vulnerabilities in PHP



Updated: 2025-06-13
Risk: High
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2007-4586, CVE-2007-4441, CVE-2007-0448, CVE-2007-1889, CVE-2007-1701, CVE-2007-1584, CVE-2007-1453, CVE-2007-1454
CWE-ID: CWE-119, CWE-20, CWE-502, CWE-79
Exploitation vector: Network
Public exploit: Public exploit code is available for vulnerabilities #1, #2, #3, #5, #6 and #7.
Vulnerable software: PHP (Universal components / Libraries / Scripting languages)
Vendor: PHP Group

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU110380

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2007-4586

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.0

External links

https://www.securityfocus.com/bid/25452
https://exchange.xforce.ibmcloud.com/vulnerabilities/36262
https://www.exploit-db.com/exploits/4318


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Input validation error

EUVDB-ID: #VU110383

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2007-4441

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local user to read and manipulate data.

Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.0

External links

https://www.securityfocus.com/bid/25414
https://exchange.xforce.ibmcloud.com/vulnerabilities/36118
https://www.exploit-db.com/exploits/4293


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Input validation error

EUVDB-ID: #VU110395

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2007-0448

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.0

External links

https://securityreason.com/achievement_securityalert/44
https://securityreason.com/securityalert/2175
https://www.securityfocus.com/bid/22261


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Input validation error

EUVDB-ID: #VU110413

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2007-1889

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.0

External links

https://secunia.com/advisories/25056
https://secunia.com/advisories/25062
https://www.debian.org/security/2007/dsa-1283
https://www.novell.com/linux/security/advisories/2007_32_php.html
https://www.php-security.org/MOPB/MOPB-43-2007.html
https://www.php-security.org/MOPB/MOPB-44-2007.html
https://www.securityfocus.com/bid/23238
https://exchange.xforce.ibmcloud.com/vulnerabilities/33770


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Deserialization of Untrusted Data

EUVDB-ID: #VU110423

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2007-1701

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". Successful exploitation requires that variable "register_globals" is enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: before

External links

https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
https://secunia.com/advisories/25423
https://secunia.com/advisories/25445
https://secunia.com/advisories/25850
https://security.gentoo.org/glsa/glsa-200705-19.xml
https://www.php-security.org/MOPB/MOPB-31-2007.html
https://www.securityfocus.com/bid/23120
https://www.vupen.com/english/advisories/2007/1991
https://www.vupen.com/english/advisories/2007/2374
https://exchange.xforce.ibmcloud.com/vulnerabilities/33658
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

6) Input validation error

EUVDB-ID: #VU110431

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2007-1584

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.0

External links

https://www.php-security.org/MOPB/MOPB-25-2007.html
https://www.exploit-db.com/exploits/3517


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

7) Input validation error

EUVDB-ID: #VU110437

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2007-1453

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.0

External links

https://secunia.com/advisories/25056
https://secunia.com/advisories/25062
https://www.debian.org/security/2007/dsa-1283
https://www.novell.com/linux/security/advisories/2007_32_php.html
https://www.php.net/releases/5_2_1.php
https://www.php-security.org/MOPB/MOPB-19-2007.html
https://www.securityfocus.com/bid/22922


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

8) Cross-site scripting

EUVDB-ID: #VU110438

Risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2007-1454

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via "ext/filter" when the data contains certain whitespace characters; such input passes one filter but is collapsed into a valid tag, as demonstrated using %0b. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.0

External links

https://secunia.com/advisories/25056
https://secunia.com/advisories/25062
https://www.debian.org/security/2007/dsa-1283
https://www.mandriva.com/security/advisories?name=MDKSA-2007:090
https://www.novell.com/linux/security/advisories/2007_32_php.html
https://www.php-security.org/MOPB/MOPB-18-2007.html
https://www.securityfocus.com/bid/22914


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


