CVE-2007-2748

medium

Description

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

References

http://osvdb.org/34730

http://secunia.com/advisories/26895

http://us2.php.net/releases/5_2_2.php

http://www.attrition.org/pipermail/vim/2007-May/001621.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:187

http://www.novell.com/linux/security/advisories/2007_15_sr.html

http://www.securityfocus.com/bid/24012

Details

Source: MITRE

Published: 2007-05-17

Updated: 2018-10-19

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.2.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 29379 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980) | Nessus | SuSE Local Security Checks | medium |
| 27152 | openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979) | Nessus | SuSE Local Security Checks | medium |
| 27151 | openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978) | Nessus | SuSE Local Security Checks | medium |
| 26107 | Mandrake Linux Security Advisory : php (MDKSA-2007:187) | Nessus | Mandriva Local Security Checks | critical |
| 3982 | PHP 4.x < 4.4.7 / 5.x < 5.2.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 25159 | PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 801085 | PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |