CVE-2007-1380
CVE-2007-1380
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
cve_referencewww.exploit-db.com/exploits/3413no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.htmlhttp://secunia.com/advisories/24514http://secunia.com/advisories/24606http://secunia.com/advisories/25025http://secunia.com/advisories/25056http://secunia.com/advisories/25057http://secunia.com/advisories/25062http://secunia.com/advisories/25423http://secunia.com/advisories/25850http://security.gentoo.org/glsa/glsa-200703-21.xml