NVD

Id
57925  
Name
CVE-2007-5899  
Description
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-07  
Published
2007-11-20  
Modified Date
2011-03-07  
Seq
2007-5899  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
296495 57925 CVE-2007-5899 http://bugs.php.net/bug.php?id=42869  View
296496 57925 CVE-2007-5899 oval:org.mitre.oval:def:11211  View
296497 57925 CVE-2007-5899 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242  View
296498 57925 CVE-2007-5899 DSA-1444  View
296499 57925 CVE-2007-5899 MDVSA-2008:125  View
296500 57925 CVE-2007-5899 MDVSA-2008:126  View
296501 57925 CVE-2007-5899 MDVSA-2008:127  View
296502 57925 CVE-2007-5899 http://www.php.net/ChangeLog-5.php#5.2.5  View
296503 57925 CVE-2007-5899 http://www.php.net/releases/5_2_5.php  View
296504 57925 CVE-2007-5899 RHSA-2008:0505  View
296505 57925 CVE-2007-5899 RHSA-2008:0544  View
296506 57925 CVE-2007-5899 RHSA-2008:0545  View
296507 57925 CVE-2007-5899 RHSA-2008:0546  View
296508 57925 CVE-2007-5899 RHSA-2008:0582  View
296509 57925 CVE-2007-5899 HPSBUX02332  View
296510 57925 CVE-2007-5899 USN-549-2  View
296511 57925 CVE-2007-5899 USN-628-1  View
296512 57925 CVE-2007-5899 USN-549-1  View
296513 57925 CVE-2007-5899 https://issues.rpath.com/browse/RPL-1943  View
296514 57925 CVE-2007-5899 https://launchpad.net/bugs/173043  View
296515 57925 CVE-2007-5899 FEDORA-2008-3864  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
52302 JVNDB-2007-000992 PHP におけるローカルフォームを書き換えられる問題 PHP の output_add_rewrite_var() 関数には、ローカルではない URL を参照する ACTION 属性によって、ローカルフォームを書き換えられる問題が存在します。 CVE-2007-5899 29254 CVE-2007-5899 57925 4.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000992.html 2007-11-20 2008-11-26 View