QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1711

Published: Mar 27, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

20070418 rPSA-2007-0073-1 php php-mysql php-pgsql

mailing-list

x_refsource_BUGTRAQ

APPLE-SA-2007-07-31

vendor-advisory

x_refsource_APPLE

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:10406

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

https://issues.rpath.com/browse/RPL-1268

x_refsource_CONFIRM

http://docs.info.apple.com/article.html?artnum=306172

x_refsource_CONFIRM

php-deserializer-code-execution(33575)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

http://www.php-security.org/MOPB/MOPB-32-2007.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.