Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.0
CVE Id: CVE-2007-4783
Last Modified: 07 Mar 2011 09:59:11
Published: 10 Sep 2007 05:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Vulnerable Systems


  • PHP 5.2.4


HP - HPSBUX02332

BUGTRAQ - 20070905 PHP <=5.2.4 iconv_substr() denial of service


OSVDB - 38917


GENTOO - GLSA-200710-02

SREASON - 3115

SECUNIA - 30040

SECUNIA - 27659

SECUNIA - 27102

HP - SSRT080056

Last Updated: 27 May 2016 10:51:54