CVE-2007-1583
Published: 2007-03-21
Priority: P3 · 35 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.24% (91.5th percentile)
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
Affected
52 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
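| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | | 6.8 | MEDIUM | |
| vendor_ubuntu | | 5.0 | MEDIUM | |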
GHSA
GHSA-mx7r-xhxh-f687: The mb_parse_str function in PHP 4
ghsa_unreviewed·2022-05-01
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2007-04-27·CVSS 5.0
CVE-2007-1888 [MEDIUM] PHP vulnerabilities
Stefan Esser discovered multiple vulnerabilities in the "Month of PHP
bugs".
The substr_compare() function did not sufficiently verify its length
argument. This might be exploited to read otherwise unaccessible
memory, which might lead to information disclosure. (CVE-2007-1375)
The shared memory (shmop) functions did not verify resource types,
thus they could be called with a wrong resource type that might
contain user supplied data. This could be exploited to read and write
arbitrary memory addresses of the PHP interpreter. This issue does
not affect Ubuntu 7.04. (CVE-2007-1376)
The php_binary handler of the session extension was missing a boundary
check. When unserializing overly long variable names this could be
exploited to r
Red Hat
security flaw
vendor_redhat·2007-03-20·CVSS 6.8
No detection rules found.
Bugzilla
CVE-2007-1583 security flaw
bugzilla·2018-08-16·CVSS 6.8
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
Bugzilla
CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
bugzilla·2007-03-01·CVSS 2.1
Description of problem:
This bug will be used to provide tracking information for the issues reported
during the "Month of PHP Bugs" initiative, http://www.php-security.org/
Discussion:
Introduction: The PHP interpreter does not offer a reliable
"sandboxed" security layer (as found in, say, a JVM) in which
untrusted scripts can be run; any script run by the PHP interpreter
must be trusted with the privileges of the interpreter itself. In
analysis of these issues, bugs which rely on an "untrusted local
attacker" will therefore not be classified as being
security-sensitive, since no trust boundary is crossed.
---
MOPB-01-2007 describes an issue in the PHP interpreter regarding the
CTF
LazyAdmin / README
ctf_writeups·CVSS 5.0
# LazyAdmin
Have some fun! There might be multiple ways to get user access.
- What is the user flag?
- `nmap -sV -sC `. There are two services exposed: 22/tcp (ssh) and 1583/tcp (simbaexpress)
- `nmap --script=vuln `
```
Nmap scan report for 10.10.58.33
Host is up (0.081s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum:
|_ /content/: Potentially interesting folder
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections
```
References
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2007-0155.html
- http://secunia.com/advisories/24909
- http://secunia.com/advisories/24924
- http://secunia.com/advisories/24945
- http://secunia.com/advisories/24965
- http://secunia.com/advisories/25056
- http://secunia.com/advisories/25057
- http://secunia.com/advisories/25062
- http://secunia.com/advisories/25445
- http://secunia.com/advisories/26235
- http://security.gentoo.org/glsa/glsa-200705-19.xml
- http://us2.php.net/releases/4_4_7.php
- http://us2.php.net/releases/5_2_2.php
- http://www.debian.org/security/2007/dsa-1283
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:088
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
- http://www.novell.com/linux/security/advisories/2007_32_php.html
- http://www.php-security.org/MOPB/MOPB-26-2007.html
- http://www.redhat.com/support/errata/RHSA-2007-0153.html
- http://www.redhat.com/support/errata/RHSA-2007-0162.html
- http://www.securityfocus.com/archive/1/466166/100/0/threaded
- http://www.securityfocus.com/bid/23016
- http://www.securityfocus.com/bid/25159
- http://www.ubuntu.com/usn/usn-455-1
- http://www.vupen.com/english/advisories/2007/2732
- https://issues.rpath.com/browse/RPL-1268
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245
Published: 2007-03-21