Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4840
Last Modified 07 Mar 2011 09:59:17
Published 12 Sep 2007 04:17:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4840

Summary

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Vulnerable Systems

Application

  • PHP 5.2.4


References

HP - HPSBUX02332

BUGTRAQ - 20070906 PHP <= 5.2.4 multiple Iconv functions denial of service

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242

OSVDB - 38916

CONFIRM - https://issues.rpath.com/browse/RPL-1943

HP - SSRT080056

GENTOO - GLSA-200710-02

SREASON - 3122

SECUNIA - 30040

SECUNIA - 28658

SECUNIA - 27659

SECUNIA - 27102

SUSE - SUSE-SA:2008:004


Last Updated: 27 May 2016 10:45:58