CVE-2007-1522

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.php-security.org/MOPB/MOPB-23-2007.html	Exploit Vendor Advisory
http://secunia.com/advisories/24505
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.securityfocus.com/bid/22971
http://secunia.com/advisories/25056
http://www.vupen.com/english/advisories/2007/0960

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:5.2.1:::::::*
	cpe:2.3:a:php:php:5.2.0:::::::*

Information

Published : 2007-03-20 13:19

Updated : 2011-03-07 18:52

NVD link : CVE-2007-1522

Mitre link : CVE-2007-1522

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

php

php

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.php-security.org/MOPB/MOPB-23-2007.html", "name": "http://www.php-security.org/MOPB/MOPB-23-2007.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/24505", "name": "24505", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2007_32_php.html", "name": "SUSE-SA:2007:032", "tags": [], "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/22971", "name": "22971", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/25056", "name": "25056", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/0960", "name": "ADV-2007-0960", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1522", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-03-20T20:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:52Z"}