CVE-2007-1522

{"id": "CVE-2007-1522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-03-20T20:19:00.000", "references": [{"url": "http://secunia.com/advisories/24505", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25056", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2007_32_php.html", "source": "cve@mitre.org"}, {"url": "http://www.php-security.org/MOPB/MOPB-23-2007.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22971", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0960", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors."}, {"lang": "es", "value": "Vulnerabilidad de liberaci\u00f3n doble en la extensi\u00f3n session de PHP 5.2.0 and 5.2.1 permite a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante caracteres ilegales en el identificador de sesi\u00f3n, lo cual es rechazado por el m\u00f3dulo de almacenamiento de sesi\u00f3n interno, lo cual llama al generador de identificador de sesi\u00f3n en un contexto inapropiado, dando la posibilidad de la inyecci\u00f3n de c\u00f3digo cuando el generador es interrumpido, como ha sido demostrado lanzando una violaci\u00f3n de l\u00edmite de memoria o ciertos errores de PHP."}], "lastModified": "2011-03-08T02:52:17.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99"}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"}], "operator": "OR"}]}], "vendorComments": [{"comment": "The PHP interpreter does not offer a reliable "sandboxed" security\nlayer (as found in, say, a JVM) in which untrusted scripts can be run;\nany script run by the PHP interpreter must be trusted with the\nprivileges of the interpreter itself. We therefore do not classify\nthis issue as security-sensitive since no trust boundary is crossed.\n", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}