CVE
- Id: 28139
- CVE No.: CVE-2007-4782
- Status: Candidate
- Description: PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
- Phase: Assigned (20070910)
- Votes: None (candidate not yet proposed)
- Comments
Related CVE References
Id | CVE Id | CVE No. | Reference |
---|---|---|---|
291864 | 28139 | CVE-2007-4782 | BUGTRAQ:20070904 PHP < 5.2.3 fnmatch() denial of service |
291865 | 28139 | CVE-2007-4782 | URL:http://www.securityfocus.com/archive/1/archive/1/478630/100/0/threaded |
291866 | 28139 | CVE-2007-4782 | BUGTRAQ:20070904 PHP < 5.2.3 glob() denial of service |
291867 | 28139 | CVE-2007-4782 | URL:http://www.securityfocus.com/archive/1/archive/1/478626/100/0/threaded |
291868 | 28139 | CVE-2007-4782 | BUGTRAQ:20070905 PHP < 5.2.3 glob() denial of service |
291869 | 28139 | CVE-2007-4782 | URL:http://www.securityfocus.com/archive/1/478726/100/0/threaded |
291870 | 28139 | CVE-2007-4782 | FEDORA:FEDORA-2008-3864 |
291871 | 28139 | CVE-2007-4782 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html |
291872 | 28139 | CVE-2007-4782 | GENTOO:GLSA-200710-02 |
291873 | 28139 | CVE-2007-4782 | URL:http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml |
291874 | 28139 | CVE-2007-4782 | MANDRIVA:MDVSA-2009:022 |
291875 | 28139 | CVE-2007-4782 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 |
291876 | 28139 | CVE-2007-4782 | MANDRIVA:MDVSA-2009:023 |
291877 | 28139 | CVE-2007-4782 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 |
291878 | 28139 | CVE-2007-4782 | REDHAT:RHSA-2008:0505 |
291879 | 28139 | CVE-2007-4782 | URL:http://www.redhat.com/support/errata/RHSA-2008-0505.html |
291880 | 28139 | CVE-2007-4782 | REDHAT:RHSA-2008:0544 |
291881 | 28139 | CVE-2007-4782 | URL:http://www.redhat.com/support/errata/RHSA-2008-0544.html |
291882 | 28139 | CVE-2007-4782 | REDHAT:RHSA-2008:0545 |
291883 | 28139 | CVE-2007-4782 | URL:http://www.redhat.com/support/errata/RHSA-2008-0545.html |
291884 | 28139 | CVE-2007-4782 | REDHAT:RHSA-2008:0582 |
291885 | 28139 | CVE-2007-4782 | URL:http://www.redhat.com/support/errata/RHSA-2008-0582.html |
291886 | 28139 | CVE-2007-4782 | SUSE:SUSE-SA:2008:004 |
291887 | 28139 | CVE-2007-4782 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html |
291888 | 28139 | CVE-2007-4782 | UBUNTU:USN-628-1 |
291889 | 28139 | CVE-2007-4782 | URL:http://www.ubuntu.com/usn/usn-628-1 |
291890 | 28139 | CVE-2007-4782 | OSVDB:38686 |
291891 | 28139 | CVE-2007-4782 | URL:http://osvdb.org/38686 |
291892 | 28139 | CVE-2007-4782 | OVAL:oval:org.mitre.oval:def:10897 |
291893 | 28139 | CVE-2007-4782 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10897 |
291894 | 28139 | CVE-2007-4782 | SECUNIA:27102 |
291895 | 28139 | CVE-2007-4782 | URL:http://secunia.com/advisories/27102 |
291896 | 28139 | CVE-2007-4782 | SECUNIA:28658 |
291897 | 28139 | CVE-2007-4782 | URL:http://secunia.com/advisories/28658 |
291898 | 28139 | CVE-2007-4782 | SECUNIA:30828 |
291899 | 28139 | CVE-2007-4782 | URL:http://secunia.com/advisories/30828 |
291900 | 28139 | CVE-2007-4782 | SECUNIA:31119 |
291901 | 28139 | CVE-2007-4782 | URL:http://secunia.com/advisories/31119 |
291902 | 28139 | CVE-2007-4782 | SECUNIA:31200 |
291903 | 28139 | CVE-2007-4782 | URL:http://secunia.com/advisories/31200 |
291904 | 28139 | CVE-2007-4782 | SREASON:3109 |
291905 | 28139 | CVE-2007-4782 | URL:http://securityreason.com/securityalert/3109 |
291906 | 28139 | CVE-2007-4782 | XF:php-fnmatch-dos(36457) |
291907 | 28139 | CVE-2007-4782 | URL:http://xforce.iss.net/xforce/xfdb/36457 |
291908 | 28139 | CVE-2007-4782 | XF:php-globfunction-dos(36461) |
Related JVN
Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL |
---|---|---|---|---|---|---|---|---|
52476 | JVNDB-2007-001168 | Denial-of-service (DoS) vulnerability in the PHP setlocale function | The PHP setlocale function mishandles the locale parameter, resulting in a denial-of-service (DoS) vulnerability in which the application crashes. | CVE-2007-4784 | 28139 | 5 | | http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001168.html |