CVE-2007-4670

medium

Description

Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.

References

http://rhn.redhat.com/errata/RHSA-2007-0889.html

http://secunia.com/advisories/26822

http://secunia.com/advisories/26838

http://secunia.com/advisories/26871

http://secunia.com/advisories/26895

http://secunia.com/advisories/26930

http://secunia.com/advisories/26967

http://secunia.com/advisories/27102

http://secunia.com/advisories/27351

http://secunia.com/advisories/27377

http://secunia.com/advisories/27545

http://secunia.com/advisories/27864

http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm

http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:187

http://www.php.net/ChangeLog-5.php#5.2.4

http://www.php.net/releases/5_2_4.php

http://www.redhat.com/support/errata/RHSA-2007-0888.html

http://www.redhat.com/support/errata/RHSA-2007-0890.html

http://www.redhat.com/support/errata/RHSA-2007-0891.html

http://www.trustix.org/errata/2007/0026/

http://www.ubuntu.com/usn/usn-549-2

https://issues.rpath.com/browse/RPL-1693

https://issues.rpath.com/browse/RPL-1702

https://launchpad.net/bugs/173043

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11028

https://usn.ubuntu.com/549-1/

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

Details

Source: MITRE

Published: 2007-09-05

Updated: 2018-10-03

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.2.3 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67570 | Oracle Linux 4 / 5 : php (ELSA-2007-0890) | Nessus | Oracle Linux Local Security Checks | high |
| 67569 | Oracle Linux 3 : php (ELSA-2007-0889) | Nessus | Oracle Linux Local Security Checks | high |
| 60257 | Scientific Linux Security Update : php on SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60255 | Scientific Linux Security Update : php on SL5.x, SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 29213 | Ubuntu 7.10 : php5 regression (USN-549-2) | Nessus | Ubuntu Local Security Checks | high |
| 28372 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : php5 vulnerabilities (USN-549-1) | Nessus | Ubuntu Local Security Checks | high |
| 27564 | RHEL 2.1 : php (RHSA-2007:0888) | Nessus | Red Hat Local Security Checks | medium |
| 26942 | GLSA-200710-02 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 26204 | CentOS 3 : php (CESA-2007:0889) | Nessus | CentOS Local Security Checks | high |
| 26191 | RHEL 3 : php (RHSA-2007:0889) | Nessus | Red Hat Local Security Checks | high |
| 26115 | Fedora Core 6 : php-5.1.6-3.7.fc6 (2007-709) | Nessus | Fedora Local Security Checks | high |
| 26110 | RHEL 4 / 5 : php (RHSA-2007:0890) | Nessus | Red Hat Local Security Checks | high |
| 26107 | Mandrake Linux Security Advisory : php (MDKSA-2007:187) | Nessus | Mandriva Local Security Checks | critical |
| 26075 | CentOS 4 / 5 : php (CESA-2007:0890) | Nessus | CentOS Local Security Checks | high |
| 26038 | FreeBSD : php -- multiple vulnerabilities (71d903fc-602d-11dc-898c-001921ab2fa4) | Nessus | FreeBSD Local Security Checks | high |
| 3982 | PHP 4.x < 4.4.7 / 5.x < 5.2.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 25159 | PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities | Nessus | CGI abuses | high |