Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-4783
Last Modified: 07 Mar 2011 09:59:11
Published: 10 Sep 2007 05:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4783

Summary

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Vulnerable Systems

Application

  • PHP 5.2.4


References

HP - HPSBUX02332

BUGTRAQ - 20070905 PHP <=5.2.4 iconv_substr() denial of service

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242

OSVDB - 38917

CONFIRM - https://issues.rpath.com/browse/RPL-1943

GENTOO - GLSA-200710-02

SREASON - 3115

SECUNIA - 30040

SECUNIA - 27659

SECUNIA - 27102

HP - SSRT080056


Last Updated: 27 May 2016 10:51:54