Vulnerability Details: CVE-2007-1285
Potential exploit
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Vulnerability category: Denial of service
Products affected by CVE-2007-1285
- cpe:2.3:o:novell:suse_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Threat overview for CVE-2007-1285
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2007-1285: 17,142
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-1285
- EPSS score: 8.07% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~92% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2007-1285
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 2024-02-02
CWE ids for CVE-2007-1285
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
- The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2007-1285
- http://secunia.com/advisories/25445 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- https://issues.rpath.com/browse/RPL-1268 [Broken Link]
- http://security.gentoo.org/glsa/glsa-200705-19.xml (PHP: Multiple vulnerabilities (GLSA 200705-19) — Gentoo security) [Third Party Advisory]
- http://www.php.net/ChangeLog-5.php#5.2.4 (PHP: PHP 5 ChangeLog) [Release Notes]
- http://rhn.redhat.com/errata/RHSA-2007-0163.html [Broken Link]
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136 (The Slackware Linux Project: Slackware Security Advisories) [Broken Link]
- http://www.osvdb.org/32769 (404 Not Found) [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html ([security-announce] SUSE Security Announcement: php4,php5 (SUSE-SA:2007:044) - openSUSE Security Announce - openSUSE Mailing Lists) [Mailing List]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:089 (Advisories | Mandriva) [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0082.html (Support) [Broken Link]
- http://secunia.com/advisories/24924 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/26642 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/24909 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:090 (Advisories | Mandriva) [Third Party Advisory]
- http://www.securityfocus.com/archive/1/466166/100/0/threaded [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/26048 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2007-0155.html (RHSA-2007:0155 - Security Advisory - Red Hat Customer Portal) [Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:087 (Advisories | Mandriva) [Third Party Advisory]
- http://www.securityfocus.com/bid/22764 [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/24941 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://us2.php.net/releases/4_4_7.php (PHP: PHP 4.4.7 Release Announcement) [Release Notes]
- http://www.redhat.com/support/errata/RHSA-2007-0162.html (Support) [Broken Link]
- http://www.php.net/ChangeLog-4.php (PHP: PHP 4 ChangeLog) [Release Notes]
- https://usn.ubuntu.com/549-1/ (404: Page not found | Ubuntu) [Broken Link]
- http://secunia.com/advisories/27864 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/24945 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/28936 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://www.php-security.org/MOPB/MOPB-03-2007.html (404 Not Found) [Broken Link; Exploit; Vendor Advisory]
- http://www.php.net/releases/5_2_4.php (PHP: PHP 5.2.4 Release Announcement) [Release Notes]
- http://us2.php.net/releases/5_2_2.php (PHP: PHP 5.2.2 Release Announcement) [Release Notes]
- http://www.php.net/releases/4_4_8.php (PHP: PHP 4.4.8 Release Announcement) [Release Notes]
- http://rhn.redhat.com/errata/RHSA-2007-0154.html (RHSA-2007:0154 - Security Advisory - Red Hat Customer Portal) [Third Party Advisory]
- https://launchpad.net/bugs/173043 (Bug #173043 “php5 5.2.3-1ubuntu6.1 introduced segfault regressio...” : Bugs : php5 package : Ubuntu) [Exploit; Issue Tracking]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017 (404 Not Found) [Broken Link]
- http://www.securitytracker.com/id?1017771 [Broken Link; Third Party Advisory; VDB Entry]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:088 (Advisories | Mandriva) [Third Party Advisory]
- http://secunia.com/advisories/24910 (About Secunia Research | Flexera) [Broken Link; Vendor Advisory]
- http://www.ubuntu.com/usn/usn-549-2 (USN-549-2: PHP regression | Ubuntu security notices | Ubuntu) [Third Party Advisory]