CVE-2007-1701

PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".

PHP 4 anterior a 4.4.5, y PHP 5 anterior a 5.2.1, cuando register_globals está activado, permiten a atacantes locales o remotos dependiendo del contexto ejecutar código de su elección mediante una deserialización de los datos de sesión, lo cual sobrescribe variables globales de su elección, como se ha demostrado llamando a session-decode en una cadena que comience con "_SESSION|s:39:".

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-03-25 First Exploit
2007-03-26 CVE Reserved
2007-03-27 CVE Published
2023-12-21 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (15)

URL	Tag	Source
http://secunia.com/advisories/25423	Third Party Advisory
http://secunia.com/advisories/25445	Third Party Advisory
http://secunia.com/advisories/25850	Third Party Advisory
http://www.php-security.org/MOPB/MOPB-31-2007.html	Third Party Advisory
http://www.securityfocus.com/bid/23120	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1991	Third Party Advisory
http://www.vupen.com/english/advisories/2007/2374	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33658	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11034	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/3572	2007-03-25

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506	2019-10-09
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137	2019-10-09
http://security.gentoo.org/glsa/glsa-200705-19.xml	2019-10-09
https://access.redhat.com/security/cve/CVE-2007-1701	2007-02-26
https://bugzilla.redhat.com/show_bug.cgi?id=240431	2007-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 4.0.0 < 4.4.5 Search vendor "Php" for product "Php" and version " >= 4.0.0 < 4.4.5"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 5.0.0 < 5.2.1 Search vendor "Php" for product "Php" and version " >= 5.0.0 < 5.2.1"		-		Affected