CVE-2007-1711
published 2007-03-27
CVE-2007-1711: Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables…
Priority P3 · 40 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.63% (93.8th percentile)
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 MEDIUM
Red Hat
security flaw
vendor_redhat·2007-03-25·CVSS 6.8
GHSA
GHSA-g7q5-7w4c-7v63: Double free vulnerability in the unserializer in PHP 4
ghsa_unreviewed·2022-05-01·CVSS 6.8
No detection rules found.
Bugzilla
CVE-2007-1711 security flaw
bugzilla·2018-08-16·CVSS 6.8
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).
Bugzilla
CVE-2007-1285 Multiple PHP issues (CVE-2007-1286, CVE-2007-1711)
bugzilla·2007-04-05·CVSS 7.5
+++ This bug was initially created as a clone of Bug #235225 +++
Summary of bugs disclosed during the "Month of PHP Bugs" which affect Stronghold
for Red Hat Enterprise Linux:
CVE-2007-1285 MOPB-03-2007
impact=low,public=20070301
CVE-2007-1286 MOPB-04-2007
impact=important,public=20070302
CVE-2007-1711 MOPB-32-2007
impact=important,public=20070325
Version-Release number of selected component (if applicable):
4.1.2-2.14
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
Bugzilla
CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
bugzilla·2007-03-01·CVSS 2.1
Description of problem:
This bug will be used to provide tracking information for the issues reported
during the "Month of PHP Bugs" initiative, http://www.php-security.org/
Discussion:
Introduction: The PHP interpreter does not offer a reliable
"sandboxed" security layer (as found in, say, a JVM) in which
untrusted scripts can be run; any script run by the PHP interpreter
must be trusted with the privileges of the interpreter itself. In
analysis of these issues, bugs which rely on an "untrusted local
attacker" will therefore not be classified as being
security-sensitive, since no trust boundary is crossed.
---
MOPB-01-2007 describes an issue in the PHP interpreter regarding the
2007-03-27
Published