Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2007-4658
Last Modified 20 Jun 2011 12:00:00
Published 04 Sep 2007 06:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Vulnerable Systems

Application

  • Php 4.0

  • Php 4.0.0

  • Php 4.0.1

  • Php 4.0.2

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.0.7

  • Php 4.1.0

  • Php 4.1.1

  • Php 4.1.2

  • Php 4.2.0

  • Php 4.2.1

  • Php 4.2.2

  • Php 4.2.3

  • Php 4.3.0

  • Php 4.3.1

  • Php 4.3.10

  • Php 4.3.11

  • Php 4.3.2

  • Php 4.3.3

  • Php 4.3.4

  • Php 4.3.5

  • Php 4.3.6

  • Php 4.3.7

  • Php 4.3.8

  • Php 4.3.9

  • Php 4.4.0

  • Php 4.4.1

  • Php 4.4.2

  • Php 4.4.3

  • Php 4.4.4

  • Php 4.4.5

  • Php 4.4.6

  • Php 4.4.7

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2

  • Php 5.0.3

  • Php 5.0.4

  • Php 5.0.5

  • Php 5.1.0

  • Php 5.1.1

  • Php 5.1.2

  • Php 5.1.3

  • Php 5.1.4

  • Php 5.1.5

  • Php 5.1.6

  • Php 5.2.0

  • Php 5.2.1

  • Php 5.2.10

  • Php 5.2.11

  • Php 5.2.12

  • Php 5.2.13

  • Php 5.2.14

  • Php 5.2.2

  • Php 5.2.3


References

CONFIRM - http://www.php.net/ChangeLog-5.php#5.2.4

SECUNIA - 26642

FEDORA - FEDORA-2007-709

CONFIRM - https://launchpad.net/bugs/173043

CONFIRM - https://issues.rpath.com/browse/RPL-1702

CONFIRM - https://issues.rpath.com/browse/RPL-1693

XF - php-moneyformat-unspecified(36377)

VUPEN - ADV-2008-0059

VUPEN - ADV-2007-3023

UBUNTU - USN-549-1

UBUNTU - USN-549-2

TRUSTIX - 2007-0026

REDHAT - RHSA-2007:0891

REDHAT - RHSA-2007:0890

CONFIRM - http://www.php.net/releases/5_2_4.php

CONFIRM - http://www.php.net/releases/4_4_8.php

CONFIRM - http://www.php.net/ChangeLog-4.php

MANDRIVA - MDKSA-2007:187

GENTOO - GLSA-200710-02

DEBIAN - DSA-1444

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm

SLACKWARE - SSA:2008-045-03

SECUNIA - 28936

SECUNIA - 28658

SECUNIA - 28249

SECUNIA - 27864

SECUNIA - 27545

SECUNIA - 27377

SECUNIA - 27102

SECUNIA - 26967

SECUNIA - 26930

SECUNIA - 26895

SECUNIA - 26871

SECUNIA - 26838

SECUNIA - 26822

REDHAT - RHSA-2007:0889

SUSE - SUSE-SA:2008:004

Related Patches

Red Hat 2007:0890-02 RHSA Moderate: php security update for RHEL 5 x86


Last Updated: 27 May 2016 10:45:56