Multiple vulnerabilities in PHP



Updated: 2025-06-11
Risk: High
Patch available: YES
Number of vulnerabilities: 13
CVE-ID: CVE-2008-2107, CVE-2008-2108, CVE-2008-2050, CVE-2008-2051, CVE-2007-5899, CVE-2007-5898, CVE-2007-5900, CVE-2007-5447, CVE-2007-4889, CVE-2007-4887, CVE-2007-4840, CVE-2007-4825, CVE-2007-4783
CWE-ID: CWE-20, CWE-331, CWE-119, CWE-200, CWE-264, CWE-22
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #8 is available.
Vulnerable software: PHP (Universal components / Libraries / Scripting languages)
Vendor: PHP Group

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU110344

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2008-2107

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5 - 5.2.4

External links

https://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
https://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
https://secunia.com/advisories/30757
https://secunia.com/advisories/30828
https://secunia.com/advisories/30967
https://secunia.com/advisories/31119
https://secunia.com/advisories/31124
https://secunia.com/advisories/31200
https://secunia.com/advisories/32746
https://secunia.com/advisories/35003
https://security.gentoo.org/glsa/glsa-200811-05.xml
https://securityreason.com/securityalert/3859
https://www.debian.org/security/2009/dsa-1789
https://www.mandriva.com/security/advisories?name=MDVSA-2008:125
https://www.mandriva.com/security/advisories?name=MDVSA-2008:126
https://www.mandriva.com/security/advisories?name=MDVSA-2008:127
https://www.mandriva.com/security/advisories?name=MDVSA-2008:128
https://www.mandriva.com/security/advisories?name=MDVSA-2008:129
https://www.mandriva.com/security/advisories?name=MDVSA-2008:130
https://www.redhat.com/support/errata/RHSA-2008-0505.html
https://www.redhat.com/support/errata/RHSA-2008-0544.html
https://www.redhat.com/support/errata/RHSA-2008-0545.html
https://www.redhat.com/support/errata/RHSA-2008-0546.html
https://www.redhat.com/support/errata/RHSA-2008-0582.html
https://www.securityfocus.com/archive/1/491683/100/0/threaded
https://www.sektioneins.de/advisories/SE-2008-02.txt
https://www.ubuntu.com/usn/usn-628-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/42226
https://exchange.xforce.ibmcloud.com/vulnerabilities/42284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficient Entropy

EUVDB-ID: #VU110345

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2008-2108

CWE-ID: CWE-331 - Insufficient Entropy

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: before

External links

https://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
https://www.sektioneins.de/advisories/SE-2008-02.txt
https://www.mandriva.com/security/advisories?name=MDVSA-2008:130
https://www.redhat.com/support/errata/RHSA-2008-0582.html
https://www.mandriva.com/security/advisories?name=MDVSA-2008:128
https://www.mandriva.com/security/advisories?name=MDVSA-2008:125
https://secunia.com/advisories/31119
https://www.redhat.com/support/errata/RHSA-2008-0505.html
https://secunia.com/advisories/31200
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
https://secunia.com/advisories/30757
https://www.mandriva.com/security/advisories?name=MDVSA-2008:126
https://www.redhat.com/support/errata/RHSA-2008-0546.html
https://www.redhat.com/support/errata/RHSA-2008-0545.html
https://secunia.com/advisories/31124
https://www.mandriva.com/security/advisories?name=MDVSA-2008:127
https://www.redhat.com/support/errata/RHSA-2008-0544.html
https://www.mandriva.com/security/advisories?name=MDVSA-2008:129
https://www.ubuntu.com/usn/usn-628-1
https://secunia.com/advisories/30828
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html
https://securityreason.com/securityalert/3859
https://secunia.com/advisories/35003
https://www.debian.org/security/2009/dsa-1789
https://secunia.com/advisories/32746
https://security.gentoo.org/glsa/glsa-200811-05.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10844
https://www.securityfocus.com/archive/1/491683/100/0/threaded


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU110347

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2008-2050

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.0.0 - 5.2.4

External links

https://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u
https://www.php.net/ChangeLog-5.php
https://www.openwall.com/lists/oss-security/2008/05/02/2
https://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
https://issues.rpath.com/browse/RPL-2503
https://www.securityfocus.com/bid/29009
https://secunia.com/advisories/30048
https://secunia.com/advisories/30345
https://secunia.com/advisories/30967
https://secunia.com/advisories/31200
https://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
https://www.ubuntu.com/usn/usn-628-1
https://secunia.com/advisories/31326
https://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
https://www.debian.org/security/2008/dsa-1572
https://secunia.com/advisories/30158
https://secunia.com/advisories/30083
https://www.mandriva.com/security/advisories?name=MDVSA-2009:023
https://www.mandriva.com/security/advisories?name=MDVSA-2009:022
https://www.vupen.com/english/advisories/2008/2268
https://www.vupen.com/english/advisories/2008/1412
https://secunia.com/advisories/32746
https://security.gentoo.org/glsa/glsa-200811-05.xml
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
https://exchange.xforce.ibmcloud.com/vulnerabilities/42133
https://www.securityfocus.com/archive/1/492535/100/0/threaded


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU110348

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2008-2051

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.0.0 - 5.2.4

External links

https://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
https://secunia.com/advisories/30048
https://secunia.com/advisories/30083
https://secunia.com/advisories/30158
https://secunia.com/advisories/30288
https://secunia.com/advisories/30345
https://secunia.com/advisories/30411
https://secunia.com/advisories/30757
https://secunia.com/advisories/30828
https://secunia.com/advisories/30967
https://secunia.com/advisories/31119
https://secunia.com/advisories/31124
https://secunia.com/advisories/31200
https://secunia.com/advisories/31326
https://secunia.com/advisories/32746
https://security.gentoo.org/glsa/glsa-200811-05.xml
https://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176
https://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
https://www.debian.org/security/2008/dsa-1572
https://www.debian.org/security/2008/dsa-1578
https://www.mandriva.com/security/advisories?name=MDVSA-2008:125
https://www.mandriva.com/security/advisories?name=MDVSA-2008:126
https://www.mandriva.com/security/advisories?name=MDVSA-2008:127
https://www.mandriva.com/security/advisories?name=MDVSA-2008:128
https://www.openwall.com/lists/oss-security/2008/05/02/2
https://www.php.net/ChangeLog-5.php
https://www.redhat.com/support/errata/RHSA-2008-0505.html
https://www.redhat.com/support/errata/RHSA-2008-0544.html
https://www.redhat.com/support/errata/RHSA-2008-0545.html
https://www.redhat.com/support/errata/RHSA-2008-0546.html
https://www.redhat.com/support/errata/RHSA-2008-0582.html
https://www.securityfocus.com/archive/1/492535/100/0/threaded
https://www.securityfocus.com/archive/1/492671/100/0/threaded
https://www.securityfocus.com/bid/29009
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951
https://www.ubuntu.com/usn/usn-628-1
https://www.vupen.com/english/advisories/2008/1412
https://www.vupen.com/english/advisories/2008/2268
https://issues.rpath.com/browse/RPL-2503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10256
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU110352

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2007-5899

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://bugs.php.net/bug.php?id=42869
https://osvdb.org/38918
https://secunia.com/advisories/27659
https://secunia.com/advisories/27864
https://secunia.com/advisories/28249
https://secunia.com/advisories/30040
https://secunia.com/advisories/30828
https://secunia.com/advisories/31119
https://secunia.com/advisories/31124
https://secunia.com/advisories/31200
https://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
https://www.debian.org/security/2008/dsa-1444
https://www.mandriva.com/security/advisories?name=MDVSA-2008:125
https://www.mandriva.com/security/advisories?name=MDVSA-2008:126
https://www.mandriva.com/security/advisories?name=MDVSA-2008:127
https://www.php.net/ChangeLog-5.php#5.2.5
https://www.php.net/releases/5_2_5.php
https://www.redhat.com/support/errata/RHSA-2008-0505.html
https://www.redhat.com/support/errata/RHSA-2008-0544.html
https://www.redhat.com/support/errata/RHSA-2008-0545.html
https://www.redhat.com/support/errata/RHSA-2008-0546.html
https://www.redhat.com/support/errata/RHSA-2008-0582.html
https://www.securityfocus.com/archive/1/491693/100/0/threaded
https://www.ubuntu.com/usn/usn-549-2
https://www.ubuntu.com/usn/usn-628-1
https://issues.rpath.com/browse/RPL-1943
https://launchpad.net/bugs/173043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11211
https://usn.ubuntu.com/549-1/
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU110354

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2007-5898

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
https://secunia.com/advisories/27648
https://secunia.com/advisories/27659
https://secunia.com/advisories/27864
https://secunia.com/advisories/28249
https://secunia.com/advisories/28658
https://secunia.com/advisories/30040
https://secunia.com/advisories/30828
https://secunia.com/advisories/31119
https://secunia.com/advisories/31124
https://secunia.com/advisories/31200
https://securitytracker.com/id?1018934
https://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
https://www.debian.org/security/2008/dsa-1444
https://www.mandriva.com/security/advisories?name=MDVSA-2008:125
https://www.mandriva.com/security/advisories?name=MDVSA-2008:126
https://www.mandriva.com/security/advisories?name=MDVSA-2008:127
https://www.php.net/ChangeLog-5.php#5.2.5
https://www.php.net/releases/5_2_5.php
https://www.redhat.com/support/errata/RHSA-2008-0505.html
https://www.redhat.com/support/errata/RHSA-2008-0544.html
https://www.redhat.com/support/errata/RHSA-2008-0545.html
https://www.redhat.com/support/errata/RHSA-2008-0546.html
https://www.redhat.com/support/errata/RHSA-2008-0582.html
https://www.securityfocus.com/archive/1/491693/100/0/threaded
https://www.ubuntu.com/usn/usn-549-2
https://www.ubuntu.com/usn/usn-628-1
https://issues.rpath.com/browse/RPL-1943
https://launchpad.net/bugs/173043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10080
https://usn.ubuntu.com/549-1/
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU110355

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2007-5900

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://bugs.php.net/bug.php?id=41561
https://secunia.com/advisories/27648
https://secunia.com/advisories/27659
https://secunia.com/advisories/30040
https://securitytracker.com/id?1018934
https://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
https://www.php.net/ChangeLog-5.php#5.2.5
https://www.php.net/releases/5_2_5.php
https://www.securityfocus.com/archive/1/491693/100/0/threaded
https://issues.rpath.com/browse/RPL-1943


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU110357

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2007-5447

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.4

External links

https://osvdb.org/41708
https://secunia.com/advisories/27178
https://www.securityfocus.com/bid/26024
https://exchange.xforce.ibmcloud.com/vulnerabilities/37227
https://www.exploit-db.com/exploits/4517


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

9) Input validation error

EUVDB-ID: #VU110360

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2007-4889

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://securityreason.com/securityalert/3134
https://www.securityfocus.com/archive/1/479082/100/0/threaded
https://www.securityfocus.com/archive/1/479187/100/200/threaded
https://www.securityfocus.com/archive/1/479189/100/200/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36555


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU110361

Risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2007-4887

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via a long string in the library parameter.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://docs.info.apple.com/article.html?artnum=307562
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
https://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
https://secunia.com/advisories/27102
https://secunia.com/advisories/27659
https://secunia.com/advisories/28750
https://secunia.com/advisories/29420
https://secunia.com/advisories/30040
https://securityreason.com/securityalert/3133
https://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://www.php.net/ChangeLog-5.php#5.2.5
https://www.php.net/releases/5_2_5.php
https://www.securityfocus.com/archive/1/478985/100/0/threaded
https://www.securityfocus.com/archive/1/478988/100/0/threaded
https://www.securityfocus.com/archive/1/491693/100/0/threaded
https://www.securityfocus.com/bid/26403
https://www.vupen.com/english/advisories/2007/3825
https://www.vupen.com/english/advisories/2008/0398
https://www.vupen.com/english/advisories/2008/0924/references
https://issues.rpath.com/browse/RPL-1943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5767


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU110362

Risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2007-4840

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
https://osvdb.org/38916
https://secunia.com/advisories/27102
https://secunia.com/advisories/27659
https://secunia.com/advisories/28658
https://secunia.com/advisories/30040
https://securityreason.com/securityalert/3122
https://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://www.securityfocus.com/archive/1/478730/100/0/threaded
https://www.securityfocus.com/archive/1/491693/100/0/threaded
https://issues.rpath.com/browse/RPL-1943


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Path traversal

EUVDB-ID: #VU110363

Risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2007-4825

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in PHP 5.2.4 and earlier. A remote authenticated attacker can send a specially crafted HTTP request to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
https://osvdb.org/45902
https://secunia.com/advisories/27102
https://secunia.com/advisories/28658
https://securityreason.com/securityalert/3119
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://www.php.net/ChangeLog-5.php#5.2.5
https://www.php.net/releases/5_2_5.php
https://www.securityfocus.com/archive/1/478985/100/0/threaded
https://www.securityfocus.com/archive/1/478988/100/0/threaded
https://www.securityfocus.com/archive/1/478989/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36528


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU110365

Risk: Medium

CVSSv4.0: N/A

CVE-ID: CVE-2007-4783

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PHP: 5.2 - 5.2.4

External links

https://osvdb.org/38917
https://secunia.com/advisories/27102
https://secunia.com/advisories/27659
https://secunia.com/advisories/30040
https://securityreason.com/securityalert/3115
https://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
https://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
https://www.securityfocus.com/archive/1/478637/100/0/threaded
https://www.securityfocus.com/archive/1/491693/100/0/threaded
https://issues.rpath.com/browse/RPL-1943


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


