Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2007-1285

Disclosure Date: March 06, 2007 •

CVE-2007-1285 CVSS v3 Base Score: 7.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.5 High

Impact Score:

3.6

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

Products

References

Canonical

CVE-2007-1285 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285)

BID-22764 (http://www.securityfocus.com/bid/22764)

Advisory

https://launchpad.net/bugs/173043

http://rhn.redhat.com/errata/RHSA-2007-0154.html

SECUNIA-26048 (http://secunia.com/advisories/26048)

20070418 rPSA-2007-0073-1 php php-mysql php-pgsql (http://www.securityfocus.com/archive/1/466166/100/0/threaded)

GLSA-200705-19 (http://security.gentoo.org/glsa/glsa-200705-19.xml)

SECUNIA-24941 (http://secunia.com/advisories/24941)

SECUNIA-27864 (http://secunia.com/advisories/27864)

http://www.redhat.com/support/errata/RHSA-2007-0162.html

http://us2.php.net/releases/4_4_7.php

http://www.php.net/releases/4_4_8.php

http://www.php.net/ChangeLog-5.php#5.2.4

SECUNIA-28936 (http://secunia.com/advisories/28936)

http://www.mandriva.com/security/advisories?name=MDKSA-2007:090

USN-549-1 (https://usn.ubuntu.com/549-1)

SECUNIA-24909 (http://secunia.com/advisories/24909)

http://www.mandriva.com/security/advisories?name=MDKSA-2007:087

SECUNIA-24945 (http://secunia.com/advisories/24945)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017

https://issues.rpath.com/browse/RPL-1268

OSVDB-32769 (http://www.osvdb.org/32769)

http://us2.php.net/releases/5_2_2.php

SECTRACK-1017771 (http://www.securitytracker.com/id?1017771)

http://www.redhat.com/support/errata/RHSA-2007-0082.html

SECUNIA-24924 (http://secunia.com/advisories/24924)

http://rhn.redhat.com/errata/RHSA-2007-0155.html

SECUNIA-24910 (http://secunia.com/advisories/24910)

http://www.php.net/ChangeLog-4.php

http://www.php.net/releases/5_2_4.php

http://www.mandriva.com/security/advisories?name=MDKSA-2007:089

SECUNIA-25445 (http://secunia.com/advisories/25445)

http://rhn.redhat.com/errata/RHSA-2007-0163.html

USN-549-2 (http://www.ubuntu.com/usn/usn-549-2)

SECUNIA-26642 (http://secunia.com/advisories/26642)

http://www.mandriva.com/security/advisories?name=MDKSA-2007:088

http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html

Miscellaneous

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136

http://www.php-security.org/MOPB/MOPB-03-2007.html

Rapid7

Technical Analysis