Vulnerability Details : CVE-2007-1453

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.

Vulnerability category: Execute code

Published 2007-03-14 18:19:00

Updated 2008-09-05 21:20:32

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-1453

Probability of exploitation activity in the next 30 days: 1.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-1453

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

Vendor statements for CVE-2007-1453

Red Hat 2007-04-16

Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.

References for CVE-2007-1453

Products affected by CVE-2007-1453

PHP » PHP » Version: 5.2.0
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
Matching versions