Information Security


CVE: CVE-2007-0908
Status: Candidate
Description: The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
Severity: Medium
CVSS score: 5
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Phase: Assigned (06.06.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0908
References:
 SECTRACK : 1017671
 TRUSTIX : 2007-0009
 SGI : 20070201-01-P
 BUGTRAQ : 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql
 BID : 22496
 SECUNIA : 24089
 SECUNIA : 24195
 SECUNIA : 24217
 SECUNIA : 24236
 SECUNIA : 24248
 SECUNIA : 24284
 SECUNIA : 24295
 SECUNIA : 24322
 SECUNIA : 24419
 SECUNIA : 24421
 SECUNIA : 24432
 SECUNIA : 24514
 SECUNIA : 24606
 SECUNIA : 24642
 FRSIRT : ADV-2007-0546
 DEBIAN : DSA-1264
 GENTOO : GLSA-200703-21
 CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
 CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
 MISC : http://www.php-security.org/MOPB/MOPB-11-2007.html
 CONFIRM : http://www.php.net/ChangeLog-5.php#5.2.1
 CONFIRM : http://www.php.net/releases/5_2_1.php
 CONFIRM : https://issues.rpath.com/browse/RPL-1088
 MANDRIVA : MDKSA-2007:048
 OPENPKG : OpenPKG-SA-2007.010
 XF : php-wddx-information-disclosure(32493)
 REDHAT : RHSA-2007:0076
 REDHAT : RHSA-2007:0081
 REDHAT : RHSA-2007:0082
 REDHAT : RHSA-2007:0088
 REDHAT : RHSA-2007:0089
 SUSE : SUSE-SA:2007:020
 UBUNTU : USN-424-1
 UBUNTU : USN-424-2
SecurityVulns: Multiple vulnerabilities in PHP (multiple bugs)
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod