ID CVE-2007-1399
Summary Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
References
Vulnerable Configurations
  • cpe:2.3:a:pecl_zip:1.8.3:*:*:*:*:*:*:*:*
    cpe:2.3:a:pecl_zip:1.8.3:*:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 22883
debian DSA-1330
misc http://www.php-security.org/MOPB/MOPB-16-2007.html
osvdb 32782
secunia
  • 24471
  • 24514
  • 25938
suse SUSE-SA:2007:020
vupen ADV-2007-0898
xf pecl-url-wrapper-bo(32889)
statements via4
contributor Mark J Cox
lastmodified 2007-04-16
organization Red Hat
statement Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Last major update 29-07-2017 - 01:30
Published 10-03-2007 - 22:19
Last modified 29-07-2017 - 01:30
Back to Top