Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-5899
Last Modified 07 Mar 2011 10:01:28
Published 20 Nov 2007 02:46:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5899

Summary

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

Vulnerable Systems

Application

  • PHP 5.2.4


References

FEDORA - FEDORA-2008-3864

UBUNTU - USN-628-1

HP - HPSBUX02332

REDHAT - RHSA-2008:0582

REDHAT - RHSA-2008:0546

REDHAT - RHSA-2008:0545

REDHAT - RHSA-2008:0544

REDHAT - RHSA-2008:0505

CONFIRM - http://www.php.net/releases/5_2_5.php

CONFIRM - http://www.php.net/ChangeLog-5.php#5.2.5

MANDRIVA - MDVSA-2008:127

MANDRIVA - MDVSA-2008:126

MANDRIVA - MDVSA-2008:125

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242

SECUNIA - 31200

SECUNIA - 31124

SECUNIA - 31119

SECUNIA - 30828

OSVDB - 38918

CONFIRM - http://bugs.php.net/bug.php?id=42869

CONFIRM - https://launchpad.net/bugs/173043

CONFIRM - https://issues.rpath.com/browse/RPL-1943

UBUNTU - USN-549-1

UBUNTU - USN-549-2

DEBIAN - DSA-1444

SECUNIA - 30040

SECUNIA - 28249

SECUNIA - 27864

SECUNIA - 27659

HP - SSRT080056

Related Patches

Red Hat 2008:0544-06 RHSA Moderate: php security update for RHEL 5 x86


Last Updated: 27 May 2016 10:47:27