| ID |
CVE-2007-1522
|
| Summary |
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 6.8 (as of 08-03-2011 - 02:52) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-04-16 | | organization | Red Hat | | statement | The PHP interpreter does not offer a reliable "sandboxed" security
layer (as found in, say, a JVM) in which untrusted scripts can be run;
any script run by the PHP interpreter must be trusted with the
privileges of the interpreter itself. We therefore do not classify
this issue as security-sensitive since no trust boundary is crossed.
|
|
| Last major update |
08-03-2011 - 02:52 |
| Published |
20-03-2007 - 20:19 |
| Last modified |
08-03-2011 - 02:52 |
