CVE-2007-1380
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
Affected products
n/a · n/a
Public PoCs found: 1
cve_reference: www.exploit-db.com/exploits/3413 (unverified)
⚠ Public resources, for you to assess the exposure of systems that you control or are authorized to test. Test only with authorization.
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://secunia.com/advisories/24514
http://secunia.com/advisories/24606
http://secunia.com/advisories/25025
http://secunia.com/advisories/25056
http://secunia.com/advisories/25057
http://secunia.com/advisories/25062
http://secunia.com/advisories/25423
http://secunia.com/advisories/25850
http://security.gentoo.org/glsa/glsa-200703-21.xml