ID CVE-2007-1522
Summary Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 08-03-2011 - 02:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 22971
misc http://www.php-security.org/MOPB/MOPB-23-2007.html
secunia
  • 24505
  • 25056
suse SUSE-SA:2007:032
vupen ADV-2007-0960
statements via4
contributor Mark J Cox
lastmodified 2007-04-16
organization Red Hat
statement The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Last major update 08-03-2011 - 02:52
Published 20-03-2007 - 20:19
Back to Top