CVE-2007-1864 - Vulnerability Details

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Php	Php
Redhat	Enterprise Linux Enterprise Linux Server Enterprise Linux Workstation Rhel Application Stack

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
php-0:4.3.9-3.22.5	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0349	2007-05-09T00:00:00Z
Red Hat Enterprise Linux 5
php-0:5.1.6-12.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0348	2007-05-08T00:00:00Z
Red Hat Web Application Stack for RHEL 4
php-0:5.1.6-3.el4s1.7	cpe:/a:redhat:rhel_application_stack:1	RHSA-2007:0355	2007-05-10T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://osvdb.org/34674
http://secunia.com/advisories/25187
http://secunia.com/advisories/25191
http://secunia.com/advisories/25255
http://secunia.com/advisories/25445
http://secunia.com/advisories/25660
http://secunia.com/advisories/25938
http://secunia.com/advisories/25945
http://secunia.com/advisories/26048
http://secunia.com/advisories/26102
http://secunia.com/advisories/27377
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.debian.org/security/2007/dsa-1330
http://www.debian.org/security/2007/dsa-1331
http://www.mandriva.com/security/advisories?name=MDKSA-2007:102
http://www.mandriva.com/security/advisories?name=MDKSA-2007:103
http://www.redhat.com/support/errata/RHSA-2007-0349.html
http://www.redhat.com/support/errata/RHSA-2007-0355.html
http://www.securityfocus.com/bid/23813
http://www.securitytracker.com/id?1018024
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-485-1
http://www.vupen.com/english/advisories/2007/2187
https://issues.rpath.com/browse/RPL-1693
https://nvd.nist.gov/vuln/detail/CVE-2007-1864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11257
https://rhn.redhat.com/errata/RHSA-2007-0348.html
https://www.cve.org/CVERecord?id=CVE-2007-1864

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-05-09T00:00:00

Updated: 2024-08-07T13:13:41.639Z

Reserved: 2007-04-04T00:00:00

Link: CVE-2007-1864

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-05-09T00:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1864

Redhat

Severity : Important

Publid Date: 2007-05-03T00:00:00Z

Links: CVE-2007-1864 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object