[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251625

 
 

909

 
 

196370

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1375Date: (C)2007-03-09   (M)2023-12-22


Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-22851
SECUNIA-24606
SECUNIA-25056
SECUNIA-25057
SECUNIA-25062
SECUNIA-26895
OSVDB-32780
EXPLOIT-DB-3424
DSA-1283
GLSA-200703-21
MDKSA-2007:187
SUSE-SA:2007:032
USN-455-1
http://us2.php.net/releases/5_2_2.php
http://www.php-security.org/MOPB/MOPB-14-2007.html

CPE    1
cpe:/a:php:php

© SecPod Technologies