PT-2007-5923 · Php+1 · Php+1

Publicado

2007-09-10

Atualizado

2024-06-15

CVE-2007-4783

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: PHP versions 5.2.4 and earlier

Description: The issue allows context-dependent attackers to cause a denial of service, either by crashing the application via a long string in the charset parameter, likely requiring a long string in the str parameter, or by causing a temporary application hang via a long string in the str parameter.

Recommendations: For PHP versions 5.2.4 and earlier, consider updating to a newer version to mitigate the risk of denial of service attacks. As a temporary workaround, consider restricting the length of strings passed to the iconv substr function to prevent potential crashes or hangs.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2007-4783

HPSBUX02332

OPENSUSE-SU-2024:11167-1

OPENSUSE-SU-2024:11169-1

Produtos afetados

Hp-Ux

Php

PT-2007-5923 · Php+1 · Php+1

CVE-2007-4783

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 124