[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1581Date: (C)2007-03-21   (M)2023-12-22


The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-23062
SECUNIA-24542
EXPLOIT-DB-3529
http://php-security.org/2010/05/01/mops-2010-001-php-hash_update_file-already-freed-resource-access-vulnerability/index.html
http://www.php-security.org/MOPB/MOPB-28-2007.html
php-hashupdatefile-code-execution(33248)

CPE    30
cpe:/a:php:php:5.0.0
cpe:/a:php:php:5.0.5
cpe:/a:php:php:5.1.4
cpe:/a:php:php:5.3.2
...
CWE    1
CWE-94

© SecPod Technologies