CVE-2007-1824 - OpenCVE

Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php:5.0.0:::::::*
	cpe:2.3:a:php:php:5.0.1:::::::*
	cpe:2.3:a:php:php:5.0.2:::::::*
	cpe:2.3:a:php:php:5.0.3:::::::*
	cpe:2.3:a:php:php:5.0.4:::::::*
	cpe:2.3:a:php:php:5.0.5:::::::*
	cpe:2.3:a:php:php:5.1.0:::::::*
	cpe:2.3:a:php:php:5.1.1:::::::*
	cpe:2.3:a:php:php:5.1.2:::::::*
	cpe:2.3:a:php:php:5.1.3:::::::*
	cpe:2.3:a:php:php:5.1.4:::::::*
	cpe:2.3:a:php:php:5.1.5:::::::*
	cpe:2.3:a:php:php:5.1.6:::::::*
	cpe:2.3:a:php:php:5.2.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://www.debian.org/security/2007/dsa-1283
http://www.novell.com/linux/security/advisories/2007_32_php.html
http://www.php-security.org/MOPB/MOPB-42-2007.html
http://www.securityfocus.com/bid/23237
http://www.ubuntu.com/usn/usn-455-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/33729

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-02T23:00:00

Updated: 2024-08-07T13:13:40.593Z

Reserved: 2007-04-02T00:00:00

Link: CVE-2007-1824

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-02T23:19:00.000

Modified: 2017-07-29T01:31:02.047

Link: CVE-2007-1824

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25056", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25056"}, {"name": "23237", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23237"}, {"name": "DSA-1283", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "25062", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25062"}, {"name": "USN-455-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "25057", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25057"}, {"name": "php-phpstreamfiltercreate-bo(33729)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33729"}, {"name": "SUSE-SA:2007:032", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.php-security.org/MOPB/MOPB-42-2007.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1824", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25056", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25056"}, {"name": "23237", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23237"}, {"name": "DSA-1283", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "25062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25062"}, {"name": "USN-455-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "25057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25057"}, {"name": "php-phpstreamfiltercreate-bo(33729)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33729"}, {"name": "SUSE-SA:2007:032", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"name": "http://www.php-security.org/MOPB/MOPB-42-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-42-2007.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:13:40.593Z"}, "title": "CVE Program Container", "references": [{"name": "25056", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25056"}, {"name": "23237", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23237"}, {"name": "DSA-1283", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1283"}, {"name": "25062", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25062"}, {"name": "USN-455-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"name": "25057", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25057"}, {"name": "php-phpstreamfiltercreate-bo(33729)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33729"}, {"name": "SUSE-SA:2007:032", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.php-security.org/MOPB/MOPB-42-2007.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1824", "datePublished": "2007-04-02T23:00:00", "dateReserved": "2007-04-02T00:00:00", "dateUpdated": "2024-08-07T13:13:40.593Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n php_stream_filter_create de PHP 5 anterior a 5.2.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cierre de aplicaci\u00f3n) mediante un URL php://filter/ que tiene un nombre terminado con el car\u00e1cter '.'."}], "id": "CVE-2007-1824", "lastModified": "2017-07-29T01:31:02.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-02T23:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25056"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25057"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25062"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1283"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"}, {"source": "cve@mitre.org", "url": "http://www.php-security.org/MOPB/MOPB-42-2007.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23237"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-455-1"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33729"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "The PHP interpreter does not offer a reliable "sandboxed" security\nlayer (as found in, say, a JVM) in which untrusted scripts can be run;\nany script run by the PHP interpreter must be trusted with the\nprivileges of the interpreter itself. We therefore do not classify\nthis issue as security-sensitive since no trust boundary is crossed.\n", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}