CVE-2007-1521

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-1521
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/24505 Vendor Advisory
http://secunia.com/advisories/25025 Vendor Advisory
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057 Vendor Advisory
http://secunia.com/advisories/25062 Vendor Advisory
http://secunia.com/advisories/25445
http://secunia.com/advisories/26235
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.debian.org/security/2007/dsa-1282
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-22-2007.html Exploit Vendor Advisory
http://www.securityfocus.com/bid/22968
http://www.securityfocus.com/bid/25159
http://www.ubuntu.com/usn/usn-455-1
http://www.vupen.com/english/advisories/2007/0960
http://www.vupen.com/english/advisories/2007/2732
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/24505 Vendor Advisory
http://secunia.com/advisories/25025 Vendor Advisory
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057 Vendor Advisory
http://secunia.com/advisories/25062 Vendor Advisory
http://secunia.com/advisories/25445
http://secunia.com/advisories/26235
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.debian.org/security/2007/dsa-1282
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-22-2007.html Exploit Vendor Advisory
http://www.securityfocus.com/bid/22968
http://www.securityfocus.com/bid/25159
http://www.ubuntu.com/usn/usn-455-1
http://www.vupen.com/english/advisories/2007/0960
http://www.vupen.com/english/advisories/2007/2732
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:28

Type Values Removed Values Added
References () http://docs.info.apple.com/article.html?artnum=306172 - () http://docs.info.apple.com/article.html?artnum=306172 -
References () http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html - () http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html -
References () http://secunia.com/advisories/24505 - Vendor Advisory () http://secunia.com/advisories/24505 - Vendor Advisory
References () http://secunia.com/advisories/25025 - Vendor Advisory () http://secunia.com/advisories/25025 - Vendor Advisory
References () http://secunia.com/advisories/25056 - () http://secunia.com/advisories/25056 -
References () http://secunia.com/advisories/25057 - Vendor Advisory () http://secunia.com/advisories/25057 - Vendor Advisory
References () http://secunia.com/advisories/25062 - Vendor Advisory () http://secunia.com/advisories/25062 - Vendor Advisory
References () http://secunia.com/advisories/25445 - () http://secunia.com/advisories/25445 -
References () http://secunia.com/advisories/26235 - () http://secunia.com/advisories/26235 -
References () http://security.gentoo.org/glsa/glsa-200705-19.xml - () http://security.gentoo.org/glsa/glsa-200705-19.xml -
References () http://us2.php.net/releases/4_4_7.php - () http://us2.php.net/releases/4_4_7.php -
References () http://us2.php.net/releases/5_2_2.php - () http://us2.php.net/releases/5_2_2.php -
References () http://www.debian.org/security/2007/dsa-1282 - () http://www.debian.org/security/2007/dsa-1282 -
References () http://www.debian.org/security/2007/dsa-1283 - () http://www.debian.org/security/2007/dsa-1283 -
References () http://www.novell.com/linux/security/advisories/2007_32_php.html - () http://www.novell.com/linux/security/advisories/2007_32_php.html -
References () http://www.php-security.org/MOPB/MOPB-22-2007.html - Exploit, Vendor Advisory () http://www.php-security.org/MOPB/MOPB-22-2007.html - Exploit, Vendor Advisory
References () http://www.securityfocus.com/bid/22968 - () http://www.securityfocus.com/bid/22968 -
References () http://www.securityfocus.com/bid/25159 - () http://www.securityfocus.com/bid/25159 -
References () http://www.ubuntu.com/usn/usn-455-1 - () http://www.ubuntu.com/usn/usn-455-1 -
References () http://www.vupen.com/english/advisories/2007/0960 - () http://www.vupen.com/english/advisories/2007/0960 -
References () http://www.vupen.com/english/advisories/2007/2732 - () http://www.vupen.com/english/advisories/2007/2732 -
Information

Published : 2007-03-20 20:19

Updated : 2024-11-21 00:28

NVD link : CVE-2007-1521

Mitre link : CVE-2007-1521

CVE.ORG link : CVE-2007-1521

JSON object : View

Products Affected

php

  • php
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024