CVE-2007-0908
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/3414 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://osvdb.org/32766
http://rhn.redhat.com/errata/RHSA-2007-0089.html
http://secunia.com/advisories/24089
http://secunia.com/advisories/24195
http://secunia.com/advisories/24217
http://secunia.com/advisories/24236
http://secunia.com/advisories/24248
http://secunia.com/advisories/24284
http://secunia.com/advisories/24295
http://secunia.com/advisories/24322