#VU110431 Input validation error in PHP - CVE-2007-1584

Cybersecurity Help s.r.o.

Published: 2017-10-11 | Updated: 2025-06-12

Vulnerability identifier: #VU110431

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2007-1584

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '' characters in whitespace that precedes the string.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 5.2.0

External links
https://www.php-security.org/MOPB/MOPB-25-2007.html
https://www.exploit-db.com/exploits/3517

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in PHP