CVE-2007-0908

PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

El deserializador WDDX en la extensión wddx en PHP versión 5 anterior a 5.2.1 y PHP versión 4 anterior a 4.4.5, no inicializa apropiadamente la variable key_length para una clave numérica, lo que permite a los atacantes dependiendo del contexto leer la memoria de pila por medio de un elemento wddxPacket que contiene un variable con un nombre de cadena anterior a una variable numérica.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-02-13 CVE Reserved
2007-02-13 CVE Published
2007-03-04 First Exploit
2024-08-07 CVE Updated
2024-10-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (45)

URL	Tag	Source
http://osvdb.org/32766	Broken Link
http://secunia.com/advisories/24089	Third Party Advisory
http://secunia.com/advisories/24195	Third Party Advisory
http://secunia.com/advisories/24217	Third Party Advisory
http://secunia.com/advisories/24236	Third Party Advisory
http://secunia.com/advisories/24248	Third Party Advisory
http://secunia.com/advisories/24284	Third Party Advisory
http://secunia.com/advisories/24295	Third Party Advisory
http://secunia.com/advisories/24322	Third Party Advisory
http://secunia.com/advisories/24419	Third Party Advisory
http://secunia.com/advisories/24421	Third Party Advisory
http://secunia.com/advisories/24432	Third Party Advisory
http://secunia.com/advisories/24514	Third Party Advisory
http://secunia.com/advisories/24606	Third Party Advisory
http://secunia.com/advisories/24642	Third Party Advisory
http://securityreason.com/securityalert/2321	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm	Third Party Advisory
http://www.php-security.org/MOPB/MOPB-11-2007.html	Third Party Advisory
http://www.php.net/ChangeLog-5.php#5.2.1	Third Party Advisory
http://www.php.net/releases/5_2_1.php	Third Party Advisory
http://www.securityfocus.com/archive/1/461462/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/22806	Third Party Advisory
http://www.securitytracker.com/id?1017671	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32493	Third Party Advisory
https://issues.rpath.com/browse/RPL-1088	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11185	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/3414	2007-03-04

URL	Date	SRC
http://www.securityfocus.com/bid/22496	2018-10-30

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc	2018-10-30
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2007-0089.html	2018-10-30
http://security.gentoo.org/glsa/glsa-200703-21.xml	2018-10-30
http://www.mandriva.com/security/advisories?name=MDKSA-2007:048	2018-10-30
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0076.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0081.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0082.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-0088.html	2018-10-30
http://www.trustix.org/errata/2007/0009	2018-10-30
http://www.ubuntu.com/usn/usn-424-1	2018-10-30
http://www.ubuntu.com/usn/usn-424-2	2018-10-30
http://www.us.debian.org/security/2007/dsa-1264	2018-10-30
https://access.redhat.com/security/cve/CVE-2007-0908	2007-02-26
https://bugzilla.redhat.com/show_bug.cgi?id=1618282	2007-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 4.0.0 < 4.4.5 Search vendor "Php" for product "Php" and version " >= 4.0.0 < 4.4.5"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 5.0.0 < 5.2.1 Search vendor "Php" for product "Php" and version " >= 5.0.0 < 5.2.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		beta_4_patch1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		beta1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		beta2		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		beta3		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		beta4		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		rc1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				4.0 Search vendor "Php" for product "Php" and version "4.0"		rc2		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				5.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "5.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"		-		Affected