CVE-2007-0905

NONE EPSS 82.4%
Published Feb 13, 200719y ago · Modified Jun 16, 20262w ago
Find Similar
Published Feb 13, 2007 19y ago
Last Modified Jun 16, 2026 2w ago

Description

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

Threat Intelligence

EPSS Exploit Probability
82.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 77

VendorProductVersionRange
phpphp3.0any
phpphp3.0.1any
phpphp3.0.2any
phpphp3.0.3any
phpphp3.0.4any
phpphp3.0.5any
phpphp3.0.6any
phpphp3.0.7any
phpphp3.0.8any
phpphp3.0.9any
phpphp3.0.10any
phpphp3.0.11any
phpphp3.0.12any
phpphp3.0.13any
phpphp3.0.14any
phpphp3.0.15any
phpphp3.0.16any
phpphp3.0.17any
phpphp3.0.18any
phpphp4.0any
phpphp4.0.1any
phpphp4.0.1any
phpphp4.0.1any
phpphp4.0.2any
phpphp4.0.3any
phpphp4.0.3any
phpphp4.0.4any
phpphp4.0.5any
phpphp4.0.6any
phpphp4.0.7any
phpphp4.0.7any
phpphp4.0.7any
phpphp4.0.7any
phpphp4.1.0any
phpphp4.1.1any
phpphp4.1.2any
phpphp4.2any
phpphp4.2.0any
phpphp4.2.1any
phpphp4.2.2any
phpphp4.2.3any
phpphp4.3.0any
phpphp4.3.1any
phpphp4.3.2any
phpphp4.3.3any
phpphp4.3.4any
phpphp4.3.5any
phpphp4.3.6any
phpphp4.3.7any
phpphp4.3.8any
phpphp4.3.9any
phpphp4.3.10any
phpphp4.3.11any
phpphp4.4.0any
phpphp4.4.1any
phpphp4.4.2any
phpphp4.4.3any
phpphp4.4.4any
phpphp5.0any
phpphp5.0any
phpphp5.0any
phpphp5.0.0any
phpphp5.0.1any
phpphp5.0.2any
phpphp5.0.3any
phpphp5.0.4any
phpphp5.0.5any
phpphp5.1.0any
phpphp5.1.1any
phpphp5.1.2any
phpphp5.1.3any
phpphp5.1.4any
phpphp5.1.5any
phpphp5.1.6any
phpphp5.2.0any
trustixsecure_linux2.2any
trustixsecure_linux3.0any

References 9

  • osvdb.org http://osvdb.org/32768
  • secunia.com http://secunia.com/advisories/24089
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/24419
  • openpkg.com http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
  • php.net http://www.php.net/ChangeLog-5.php#5.2.1
  • php.net http://www.php.net/releases/5_2_1.php
  • securityfocus.com http://www.securityfocus.com/bid/22496
    Patch
  • trustix.org http://www.trustix.org/errata/2007/0009/
  • vupen.com http://www.vupen.com/english/advisories/2007/0546

Remediation