CVE-2007-1522
Vulnerability from cvelistv5
Published
2007-03-20 20:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:59:08.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-0960", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0960" }, { "name": "25056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25056" }, { "name": "24505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24505" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.php-security.org/MOPB/MOPB-23-2007.html" }, { "name": "22971", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22971" }, { "name": "SUSE-SA:2007:032", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-03-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-0960", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0960" }, { "name": "25056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25056" }, { "name": "24505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24505" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.php-security.org/MOPB/MOPB-23-2007.html" }, { "name": "22971", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22971" }, { "name": "SUSE-SA:2007:032", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1522", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-0960", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0960" }, { "name": "25056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25056" }, { "name": "24505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24505" }, { "name": "http://www.php-security.org/MOPB/MOPB-23-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-23-2007.html" }, { "name": "22971", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22971" }, { "name": "SUSE-SA:2007:032", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1522", "datePublished": "2007-03-20T20:00:00", "dateReserved": "2007-03-20T00:00:00", "dateUpdated": "2024-08-07T12:59:08.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2007-1522\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-20T20:19:00.000\",\"lastModified\":\"2011-03-08T02:52:17.017\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de liberaci\u00f3n doble en la extensi\u00f3n session de PHP 5.2.0 and 5.2.1 permite a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante caracteres ilegales en el identificador de sesi\u00f3n, lo cual es rechazado por el m\u00f3dulo de almacenamiento de sesi\u00f3n interno, lo cual llama al generador de identificador de sesi\u00f3n en un contexto inapropiado, dando la posibilidad de la inyecci\u00f3n de c\u00f3digo cuando el generador es interrumpido, como ha sido demostrado lanzando una violaci\u00f3n de l\u00edmite de memoria o ciertos errores de PHP.\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"The PHP interpreter does not offer a reliable \u0026quot;sandboxed\u0026quot; security\\nlayer (as found in, say, a JVM) in which untrusted scripts can be run;\\nany script run by the PHP interpreter must be trusted with the\\nprivileges of the interpreter itself. We therefore do not classify\\nthis issue as security-sensitive since no trust boundary is crossed.\\n\",\"lastModified\":\"2007-04-16T00:00:00\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/24505\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25056\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_32_php.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.php-security.org/MOPB/MOPB-23-2007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/22971\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0960\",\"source\":\"cve@mitre.org\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.