ID CVE-2007-3806
Summary The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 24922
  • 25498
confirm
debian
  • DSA-1572
  • DSA-1578
exploit-db 4181
gentoo GLSA-200710-02
misc
osvdb 36085
secunia
  • 26085
  • 26642
  • 27102
  • 30158
  • 30288
vupen ADV-2007-2547
xf php-glob-security-bypass(35437)
statements via4
contributor Mark J Cox
lastmodified 2007-09-05
organization Red Hat
statement Not vulnerable. This issue only affected PHP on Windows platforms.
Last major update 29-09-2017 - 01:29
Published 17-07-2007 - 00:30