CVE-2007-1399 — CRITICAL (9.8)

Q: How severe is CVE-2007-1399?

CVE-2007-1399 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2007-1399?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Pierrejoye Php Zip.

Vulnerability Description

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Php	Php	5.2.0
Pierrejoye	Php Zip	< 1.8.4

References

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.htmlBroken Link
http://secunia.com/advisories/24471Not Applicable
http://secunia.com/advisories/24514Not Applicable
http://secunia.com/advisories/25938Not Applicable
http://www.debian.org/security/2007/dsa-1330Mailing ListThird Party Advisory
http://www.osvdb.org/32782Broken Link
http://www.php-security.org/MOPB/MOPB-16-2007.htmlExploitVendor Advisory
http://www.securityfocus.com/bid/22883Broken Link
http://www.vupen.com/english/advisories/2007/0898Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/32889Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.htmlBroken Link
http://secunia.com/advisories/24471Not Applicable
http://secunia.com/advisories/24514Not Applicable
http://secunia.com/advisories/25938Not Applicable
http://www.debian.org/security/2007/dsa-1330Mailing ListThird Party Advisory

FAQ

What is CVE-2007-1399?

CVE-2007-1399 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as de...

How severe is CVE-2007-1399?

CVE-2007-1399 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2007-1399?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Pierrejoye Php Zip.