CVE-2007-1475 — MEDIUM (5.4)

Q: How severe is CVE-2007-1475?

CVE-2007-1475 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-1475?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.

Vulnerability Description

Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

CVSS Score

5.4

MEDIUM

AV:A/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	<= 4.4.6

References

http://retrogod.altervista.org/php_446_ibase_connect_bof.htmlBroken Link
http://secunia.com/advisories/24529Third Party Advisory
http://securityreason.com/securityalert/2439ExploitThird Party Advisory
http://www.securityfocus.com/archive/1/462931/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/22976Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33019Third Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/3488Third Party AdvisoryVDB Entry
http://retrogod.altervista.org/php_446_ibase_connect_bof.htmlBroken Link
http://secunia.com/advisories/24529Third Party Advisory
http://securityreason.com/securityalert/2439ExploitThird Party Advisory
http://www.securityfocus.com/archive/1/462931/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/22976Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33019Third Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/3488Third Party AdvisoryVDB Entry

FAQ

What is CVE-2007-1475?

CVE-2007-1475 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via ...

How severe is CVE-2007-1475?

CVE-2007-1475 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-1475?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php.