// For flags

CVE-2007-0906

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).

Los múltiples desbordamientos de búfer en PHP versión anterior a 5.2.1 permiten a los atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de vectores no específicos en las extensiones (1) session, (2) zip, (3) imap y (4) sqlite; (5) filtros de flujo; y las funciones (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user y (10) ibase_modify_user. NOTA: el vector 6 podría ser en realidad un desbordamiento de entero (CVE-2007-1885). NOTA: a partir de 20070411, el vector (3) puede involucrar la función imap_mail_compose (CVE-2007-1825).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-13 CVE Reserved
  • 2007-02-13 CVE Published
  • 2023-12-18 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (56)
URL Tag Source
http://osvdb.org/34706 Vdb Entry
http://osvdb.org/34707 Vdb Entry
http://osvdb.org/34708 Vdb Entry
http://osvdb.org/34709 Vdb Entry
http://osvdb.org/34710 Vdb Entry
http://osvdb.org/34711 Vdb Entry
http://osvdb.org/34712 Vdb Entry
http://osvdb.org/34713 Vdb Entry
http://osvdb.org/34714 Vdb Entry
http://osvdb.org/34715 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm X_refsource_confirm
http://www.osvdb.org/32776 Vdb Entry
http://www.php.net/ChangeLog-5.php#5.2.1 X_refsource_confirm
http://www.php.net/releases/5_2_1.php X_refsource_confirm
http://www.securityfocus.com/archive/1/461462/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/466166/100/0/threaded Mailing List
http://www.securitytracker.com/id?1017671 Vdb Entry
http://www.vupen.com/english/advisories/2007/0546 Vdb Entry
https://issues.rpath.com/browse/RPL-1088 X_refsource_confirm
https://issues.rpath.com/browse/RPL-1268 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8992 Signature
URL Date SRC
URL Date SRC
http://www.securityfocus.com/bid/22496 2018-10-30
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html 2018-10-30
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html 2018-10-30
http://rhn.redhat.com/errata/RHSA-2007-0089.html 2018-10-30
http://secunia.com/advisories/24089 2018-10-30
http://secunia.com/advisories/24195 2018-10-30
http://secunia.com/advisories/24217 2018-10-30
http://secunia.com/advisories/24236 2018-10-30
http://secunia.com/advisories/24248 2018-10-30
http://secunia.com/advisories/24284 2018-10-30
http://secunia.com/advisories/24295 2018-10-30
http://secunia.com/advisories/24322 2018-10-30
http://secunia.com/advisories/24419 2018-10-30
http://secunia.com/advisories/24421 2018-10-30
http://secunia.com/advisories/24432 2018-10-30
http://secunia.com/advisories/24514 2018-10-30
http://secunia.com/advisories/24606 2018-10-30
http://secunia.com/advisories/24642 2018-10-30
http://secunia.com/advisories/24945 2018-10-30
http://secunia.com/advisories/26048 2018-10-30
http://security.gentoo.org/glsa/glsa-200703-21.xml 2018-10-30
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048 2018-10-30
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0076.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0081.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0082.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0088.html 2018-10-30
http://www.trustix.org/errata/2007/0009 2018-10-30
http://www.ubuntu.com/usn/usn-424-1 2018-10-30
http://www.ubuntu.com/usn/usn-424-2 2018-10-30
http://www.us.debian.org/security/2007/dsa-1264 2018-10-30
https://access.redhat.com/security/cve/CVE-2007-0906 2007-02-26
https://bugzilla.redhat.com/show_bug.cgi?id=1618280 2007-02-26
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0
Search vendor "Php" for product "Php" and version "3.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.1
Search vendor "Php" for product "Php" and version "3.0.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.2
Search vendor "Php" for product "Php" and version "3.0.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.3
Search vendor "Php" for product "Php" and version "3.0.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.4
Search vendor "Php" for product "Php" and version "3.0.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.5
Search vendor "Php" for product "Php" and version "3.0.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.6
Search vendor "Php" for product "Php" and version "3.0.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.7
Search vendor "Php" for product "Php" and version "3.0.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.8
Search vendor "Php" for product "Php" and version "3.0.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.9
Search vendor "Php" for product "Php" and version "3.0.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.10
Search vendor "Php" for product "Php" and version "3.0.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.11
Search vendor "Php" for product "Php" and version "3.0.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.12
Search vendor "Php" for product "Php" and version "3.0.12"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.13
Search vendor "Php" for product "Php" and version "3.0.13"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.14
Search vendor "Php" for product "Php" and version "3.0.14"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.15
Search vendor "Php" for product "Php" and version "3.0.15"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.16
Search vendor "Php" for product "Php" and version "3.0.16"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.17
Search vendor "Php" for product "Php" and version "3.0.17"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 3.0.18
Search vendor "Php" for product "Php" and version "3.0.18"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0
Search vendor "Php" for product "Php" and version "4.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.1
Search vendor "Php" for product "Php" and version "4.0.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.1
Search vendor "Php" for product "Php" and version "4.0.1"
patch1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.1
Search vendor "Php" for product "Php" and version "4.0.1"
patch2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.2
Search vendor "Php" for product "Php" and version "4.0.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.3
Search vendor "Php" for product "Php" and version "4.0.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.3
Search vendor "Php" for product "Php" and version "4.0.3"
patch1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.4
Search vendor "Php" for product "Php" and version "4.0.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.5
Search vendor "Php" for product "Php" and version "4.0.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.6
Search vendor "Php" for product "Php" and version "4.0.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.0.7
Search vendor "Php" for product "Php" and version "4.0.7"
rc3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.1.0
Search vendor "Php" for product "Php" and version "4.1.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.1.1
Search vendor "Php" for product "Php" and version "4.1.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.1.2
Search vendor "Php" for product "Php" and version "4.1.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2
Search vendor "Php" for product "Php" and version "4.2"
dev
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.0
Search vendor "Php" for product "Php" and version "4.2.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.1
Search vendor "Php" for product "Php" and version "4.2.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.2
Search vendor "Php" for product "Php" and version "4.2.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.2.3
Search vendor "Php" for product "Php" and version "4.2.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.0
Search vendor "Php" for product "Php" and version "4.3.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.1
Search vendor "Php" for product "Php" and version "4.3.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.2
Search vendor "Php" for product "Php" and version "4.3.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.3
Search vendor "Php" for product "Php" and version "4.3.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.4
Search vendor "Php" for product "Php" and version "4.3.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.5
Search vendor "Php" for product "Php" and version "4.3.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.6
Search vendor "Php" for product "Php" and version "4.3.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.7
Search vendor "Php" for product "Php" and version "4.3.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.8
Search vendor "Php" for product "Php" and version "4.3.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.9
Search vendor "Php" for product "Php" and version "4.3.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.10
Search vendor "Php" for product "Php" and version "4.3.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.3.11
Search vendor "Php" for product "Php" and version "4.3.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.0
Search vendor "Php" for product "Php" and version "4.4.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.1
Search vendor "Php" for product "Php" and version "4.4.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.2
Search vendor "Php" for product "Php" and version "4.4.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.3
Search vendor "Php" for product "Php" and version "4.4.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 4.4.4
Search vendor "Php" for product "Php" and version "4.4.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0
Search vendor "Php" for product "Php" and version "5.0"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0
Search vendor "Php" for product "Php" and version "5.0"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0
Search vendor "Php" for product "Php" and version "5.0"
rc3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.1
Search vendor "Php" for product "Php" and version "5.0.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.2
Search vendor "Php" for product "Php" and version "5.0.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.3
Search vendor "Php" for product "Php" and version "5.0.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.4
Search vendor "Php" for product "Php" and version "5.0.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.5
Search vendor "Php" for product "Php" and version "5.0.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.0
Search vendor "Php" for product "Php" and version "5.1.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.1
Search vendor "Php" for product "Php" and version "5.1.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.2
Search vendor "Php" for product "Php" and version "5.1.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.3
Search vendor "Php" for product "Php" and version "5.1.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.4
Search vendor "Php" for product "Php" and version "5.1.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.5
Search vendor "Php" for product "Php" and version "5.1.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.6
Search vendor "Php" for product "Php" and version "5.1.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.0
Search vendor "Php" for product "Php" and version "5.2.0"
-
Affected
Trustix
Search vendor "Trustix"
 Secure Linux
Search vendor "Trustix" for product "Secure Linux"
 2.2
Search vendor "Trustix" for product "Secure Linux" and version "2.2"
-
Affected
Trustix
Search vendor "Trustix"
 Secure Linux
Search vendor "Trustix" for product "Secure Linux"
 3.0
Search vendor "Trustix" for product "Secure Linux" and version "3.0"
-
Affected