CVE-2007-1864 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2007-1864?

CVE-2007-1864 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

Q: How severe is CVE-2007-1864?

CVE-2007-1864 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-1864?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	< 4.4.7
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0

Related Weaknesses (CWE)

CWE-119

References

http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.htmlMailing ListThird Party Advisory
http://osvdb.org/34674Broken Link
http://secunia.com/advisories/25187Permissions RequiredThird Party Advisory
http://secunia.com/advisories/25191Permissions RequiredThird Party Advisory
http://secunia.com/advisories/25255Permissions RequiredThird Party Advisory
http://secunia.com/advisories/25445Permissions RequiredThird Party Advisory
http://secunia.com/advisories/25660Permissions RequiredThird Party Advisory
http://secunia.com/advisories/25938Permissions RequiredThird Party Advisory
http://secunia.com/advisories/25945Permissions RequiredThird Party Advisory
http://secunia.com/advisories/26048Permissions RequiredThird Party Advisory
http://secunia.com/advisories/26102Permissions RequiredThird Party Advisory
http://secunia.com/advisories/27377Permissions RequiredThird Party Advisory
http://security.gentoo.org/glsa/glsa-200705-19.xmlThird Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htmThird Party Advisory
http://us2.php.net/releases/4_4_7.phpPatchVendor Advisory

FAQ

What is CVE-2007-1864?

CVE-2007-1864 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

How severe is CVE-2007-1864?

CVE-2007-1864 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-1864?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.