CVE-2007-1522

NONECVSS 0.0

0.0

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

🔗 References (12)

cve@mitrehttp://secunia.com/advisories/24505
cve@mitrehttp://secunia.com/advisories/25056
cve@mitrehttp://www.novell.com/linux/security/advisories/2007_32_php.html
cve@mitrehttp://www.php-security.org/MOPB/MOPB-23-2007.html
cve@mitrehttp://www.securityfocus.com/bid/22971
cve@mitrehttp://www.vupen.com/english/advisories/2007/0960
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24505
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25056
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_32_php.html
af854a3a-2127-422b-91ae-364da2661108http://www.php-security.org/MOPB/MOPB-23-2007.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22971
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0960

Is Your Infrastructure Affected by CVE-2007-1522?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-1522

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-1522?