CVE-2007-1701 - PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-depende

CVE-2007-1701

Summary

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". Successful exploitation requires that variable "register_globals" is enabled.

References

Vulnerable Configurations

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:rc:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:rc:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc6:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:rc6:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc6:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc6:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc7:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc7:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc8:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:rc8:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:dev:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:dev:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:pre1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:pre1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:pre2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:pre2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc2-pre:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc2-pre:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:rc6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:-:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:rc6:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 09-10-2019 - 22:52)
Impact:
Exploitability:

CWE

CWE-502

CAPEC

Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:10:55.412-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:11034

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

rpms

php-0:4.3.2-39.ent
php-0:4.3.9-3.22.3
php-debuginfo-0:4.3.2-39.ent
php-debuginfo-0:4.3.9-3.22.3
php-devel-0:4.3.2-39.ent
php-devel-0:4.3.9-3.22.3
php-domxml-0:4.3.9-3.22.3
php-gd-0:4.3.9-3.22.3
php-imap-0:4.3.2-39.ent
php-imap-0:4.3.9-3.22.3
php-ldap-0:4.3.2-39.ent
php-ldap-0:4.3.9-3.22.3
php-mbstring-0:4.3.9-3.22.3
php-mysql-0:4.3.2-39.ent
php-mysql-0:4.3.9-3.22.3
php-ncurses-0:4.3.9-3.22.3
php-odbc-0:4.3.2-39.ent
php-odbc-0:4.3.9-3.22.3
php-pear-0:4.3.9-3.22.3
php-pgsql-0:4.3.2-39.ent
php-pgsql-0:4.3.9-3.22.3
php-snmp-0:4.3.9-3.22.3
php-xmlrpc-0:4.3.9-3.22.3
php-0:4.1.2-2.14
php-devel-0:4.1.2-2.14
php-imap-0:4.1.2-2.14
php-ldap-0:4.1.2-2.14
php-manual-0:4.1.2-2.14
php-mysql-0:4.1.2-2.14
php-odbc-0:4.1.2-2.14
php-pgsql-0:4.1.2-2.14
php-0:5.1.6-7.el5
php-bcmath-0:5.1.6-7.el5
php-cli-0:5.1.6-7.el5
php-common-0:5.1.6-7.el5
php-dba-0:5.1.6-7.el5
php-debuginfo-0:5.1.6-7.el5
php-devel-0:5.1.6-7.el5
php-gd-0:5.1.6-7.el5
php-imap-0:5.1.6-7.el5
php-ldap-0:5.1.6-7.el5
php-mbstring-0:5.1.6-7.el5
php-mysql-0:5.1.6-7.el5
php-ncurses-0:5.1.6-7.el5
php-odbc-0:5.1.6-7.el5
php-pdo-0:5.1.6-7.el5
php-pgsql-0:5.1.6-7.el5
php-snmp-0:5.1.6-7.el5
php-soap-0:5.1.6-7.el5
php-xml-0:5.1.6-7.el5
php-xmlrpc-0:5.1.6-7.el5
php-0:5.1.6-3.el4s1.5
php-bcmath-0:5.1.6-3.el4s1.5
php-cli-0:5.1.6-3.el4s1.5
php-common-0:5.1.6-3.el4s1.5
php-dba-0:5.1.6-3.el4s1.5
php-debuginfo-0:5.1.6-3.el4s1.5
php-devel-0:5.1.6-3.el4s1.5
php-gd-0:5.1.6-3.el4s1.5
php-imap-0:5.1.6-3.el4s1.5
php-ldap-0:5.1.6-3.el4s1.5
php-mbstring-0:5.1.6-3.el4s1.5
php-mysql-0:5.1.6-3.el4s1.5
php-ncurses-0:5.1.6-3.el4s1.5
php-odbc-0:5.1.6-3.el4s1.5
php-pdo-0:5.1.6-3.el4s1.5
php-pgsql-0:5.1.6-3.el4s1.5
php-snmp-0:5.1.6-3.el4s1.5
php-soap-0:5.1.6-3.el4s1.5
php-xml-0:5.1.6-3.el4s1.5
php-xmlrpc-0:5.1.6-3.el4s1.5
stronghold-php-0:4.1.2-12
stronghold-php-devel-0:4.1.2-12
stronghold-php-imap-0:4.1.2-12
stronghold-php-ldap-0:4.1.2-12
stronghold-php-manual-0:4.1.2-12
stronghold-php-mysql-0:4.1.2-12
stronghold-php-odbc-0:4.1.2-12
stronghold-php-pgsql-0:4.1.2-12
stronghold-php-snmp-0:4.1.2-12

refmap via4

bid	23120
gentoo	GLSA-200705-19
hp	HPSBMA02215 HPSBTU02232 SSRT071423 SSRT071429
misc	http://www.php-security.org/MOPB/MOPB-31-2007.html
secunia	25423 25445 25850
vupen	ADV-2007-1991 ADV-2007-2374
xf	php-sessiondecode-code-execution(33658)

statements via4

contributor	Mark J Cox
lastmodified	2007-05-01
organization	Red Hat
statement	This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0910.

Last major update

09-10-2019 - 22:52

Published

27-03-2007 - 01:19

Last modified

09-10-2019 - 22:52