PT-2007-2349 · Php+1 · Php+1

Published

2007-02-13

Updated

2018-10-30

CVE-2007-0908

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.1 PHP versions prior to 4.4.5

Description: The issue is related to the WDDX deserializer in the wddx extension, which does not properly initialize the key length variable for a numerical key. This allows attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

Recommendations: For PHP versions prior to 5.2.1, update to version 5.2.1 or later. For PHP versions prior to 4.4.5, update to version 4.4.5 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2007-0908

DSA-1264-1

RHSA-2007:0076

RHSA-2007:0081

RHSA-2007:0082

RHSA-2007:0088

RHSA-2007:0089

RHSA-2007_0076

RHSA-2007_0082

Affected Products

Php

Red Hat

PT-2007-2349 · Php+1 · Php+1

CVE-2007-0908

Weakness Enumeration

Related Identifiers

Affected Products

References · 63