CVE

CVE-2007-3806
Date: (C)2007-07-16   (M)2024-02-22


The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-24922
BID-25498
SECUNIA-26085
SECUNIA-26642
SECUNIA-27102
SECUNIA-30158
SECUNIA-30288
OSVDB-36085
EXPLOIT-DB-4181
ADV-2007-2547
DSA-1572
DSA-1578
GLSA-200710-02
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
http://www.php.net/ChangeLog-5.php#5.2.4
http://www.php.net/releases/5_2_4.php
php-glob-security-bypass(35437)

CPE    1
cpe:/a:php:php:5.2.3
CWE    1
CWE-20
OVAL    2
oval:org.mitre.oval:def:8065
oval:org.mitre.oval:def:7889

© SecPod Technologies