CVE-2007-1864

high
Description

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html

http://osvdb.org/34674

http://secunia.com/advisories/25187

http://secunia.com/advisories/25191

http://secunia.com/advisories/25255

http://secunia.com/advisories/25445

http://secunia.com/advisories/25660

http://secunia.com/advisories/25938

http://secunia.com/advisories/25945

http://secunia.com/advisories/26048

http://secunia.com/advisories/26102

http://secunia.com/advisories/27377

http://security.gentoo.org/glsa/glsa-200705-19.xml

http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm

http://us2.php.net/releases/4_4_7.php

http://us2.php.net/releases/5_2_2.php

http://www.debian.org/security/2007/dsa-1330

http://www.debian.org/security/2007/dsa-1331

http://www.mandriva.com/security/advisories?name=MDKSA-2007:102

http://www.mandriva.com/security/advisories?name=MDKSA-2007:103

http://www.redhat.com/support/errata/RHSA-2007-0349.html

http://www.redhat.com/support/errata/RHSA-2007-0355.html

http://www.securityfocus.com/bid/23813

http://www.securitytracker.com/id?1018024

http://www.trustix.org/errata/2007/0017/

http://www.ubuntu.com/usn/usn-485-1

http://www.vupen.com/english/advisories/2007/2187

https://issues.rpath.com/browse/RPL-1693

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11257

https://rhn.redhat.com/errata/RHSA-2007-0348.html

Details

Source: MITRE

Published: 2007-05-09

Updated: 2019-05-22

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 78215 | F5 Networks BIG-IP : Multiple PHP vulnerabilities (SOL7859) | Nessus | F5 Networks Local Security Checks | high |
| 67497 | Oracle Linux 4 : php (ELSA-2007-0349) | Nessus | Oracle Linux Local Security Checks | high |
| 67496 | Oracle Linux 5 : php (ELSA-2007-0348) | Nessus | Oracle Linux Local Security Checks | high |
| 67050 | CentOS 4 : php (CESA-2007:0349) | Nessus | CentOS Local Security Checks | high |
| 29552 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3754) | Nessus | SuSE Local Security Checks | high |
| 28086 | Ubuntu 6.06 LTS / 6.10 / 7.04 : php5 vulnerabilities (USN-485-1) | Nessus | Ubuntu Local Security Checks | high |
| 27392 | openSUSE 10 Security Update : php5 (php5-3753) | Nessus | SuSE Local Security Checks | high |
| 27391 | openSUSE 10 Security Update : php5 (php5-3745) | Nessus | SuSE Local Security Checks | high |
| 25678 | Debian DSA-1331-1 : php4 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 25677 | Debian DSA-1330-1 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 25340 | GLSA-200705-19 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 25334 | RHEL 5 : php (RHSA-2007:0348) | Nessus | Red Hat Local Security Checks | high |
| 25212 | Mandrake Linux Security Advisory : php (MDKSA-2007:102) | Nessus | Mandriva Local Security Checks | high |
| 25206 | CentOS 5 : php (CESA-2007:0348) | Nessus | CentOS Local Security Checks | high |
| 25193 | RHEL 4 : php (RHSA-2007:0349) | Nessus | Red Hat Local Security Checks | high |
| 3982 | PHP 4.x < 4.4.7 / 5.x < 5.2.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 25159 | PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 801085 | PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |