CVE-2007-1583 Common Vulnerabilities and Exposures

Upstream information

CVE-2007-1583 at MITRE

Description

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entries: 255741 [RESOLVED / FIXED], 307272 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SA:2007:032, published Wed, 23 May 2007 12:00:00 +0000

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 02:48:50 2013
CVE page last modified: Fri Dec 8 16:20:20 2023