PT-2007-2967 · Php · Php

Stefan Esser

Published

2007-03-21

Updated

2017-10-11

CVE-2007-1584

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP version 5.2.0

Description The issue allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to the header function, which causes it to write '0' characters in whitespace that precedes the string.

Recommendations For PHP version 5.2.0, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, avoid passing all-whitespace strings to the header function until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1584

Affected Products

Php

PT-2007-2967 · Php · Php

CVE-2007-1584

Related Identifiers

Affected Products

References · 6