NVD Vulnerability Detail

CVE-2007-1583

Summary	The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
Summary	La función mb_parse_str del PHP 4.0.0 hasta la 4.4.6 y de la 5.0.0 hasta la 5.2.1 establece la bandera interna del registro global y no la deshabilita en ciertos casos cuando la secuencia de comandos termina, lo que permite a atacantes remotos invocar secuencias de comandos PHP disponibles con la funcionalidad del registro global, lo que no es detectado por estas secuencias de comandos, como lo demostrado forzando una violación del límite de memoria.
Publication Date	March 22, 2007, 8:19 a.m.
Registration Date	Jan. 29, 2021, 2:09 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
cpe:2.3:a:php:php:4.0:beta1::::::
cpe:2.3:a:php:php:4.0:beta2::::::
cpe:2.3:a:php:php:4.0:beta3::::::
cpe:2.3:a:php:php:4.0:beta4::::::
cpe:2.3:a:php:php:4.0:rc1::::::
cpe:2.3:a:php:php:4.0:rc2::::::
cpe:2.3:a:php:php:4.0.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.4:patch1::::::
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2::dev:::::
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:4.4.5:::::::*
cpe:2.3:a:php:php:4.4.6:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.0:beta1::::::
cpe:2.3:a:php:php:5.0.0:beta2::::::
cpe:2.3:a:php:php:5.0.0:beta3::::::
cpe:2.3:a:php:php:5.0.0:beta4::::::
cpe:2.3:a:php:php:5.0.0:rc1::::::
cpe:2.3:a:php:php:5.0.0:rc2::::::
cpe:2.3:a:php:php:5.0.0:rc3::::::
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*

Related information, measures and tools

No	URL	refsource
1	http://docs.info.apple.com/article.html?artnum=306172	cve@mitre.org
2	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	cve@mitre.org
3	http://rhn.redhat.com/errata/RHSA-2007-0155.html	cve@mitre.org
4	http://secunia.com/advisories/24909	cve@mitre.org
5	http://secunia.com/advisories/24924	cve@mitre.org
6	http://secunia.com/advisories/24945	cve@mitre.org
7	http://secunia.com/advisories/24965	cve@mitre.org
8	http://secunia.com/advisories/25056	cve@mitre.org
9	http://secunia.com/advisories/25057	cve@mitre.org
10	http://secunia.com/advisories/25062	cve@mitre.org
11	http://secunia.com/advisories/25445	cve@mitre.org
12	http://secunia.com/advisories/26235	cve@mitre.org
13	http://security.gentoo.org/glsa/glsa-200705-19.xml	cve@mitre.org
14	http://us2.php.net/releases/4_4_7.php	cve@mitre.org
15	http://us2.php.net/releases/5_2_2.php	cve@mitre.org
16	http://www.debian.org/security/2007/dsa-1283	cve@mitre.org
17	http://www.mandriva.com/security/advisories?name=MDKSA-2007:088	cve@mitre.org
18	http://www.mandriva.com/security/advisories?name=MDKSA-2007:089	cve@mitre.org
19	http://www.mandriva.com/security/advisories?name=MDKSA-2007:090	cve@mitre.org
20	http://www.novell.com/linux/security/advisories/2007_32_php.html	cve@mitre.org
21	http://www.php-security.org/MOPB/MOPB-26-2007.html	cve@mitre.org
22	http://www.redhat.com/support/errata/RHSA-2007-0153.html	cve@mitre.org
23	http://www.redhat.com/support/errata/RHSA-2007-0162.html	cve@mitre.org
24	http://www.securityfocus.com/archive/1/466166/100/0/threaded	cve@mitre.org
25	http://www.securityfocus.com/bid/23016	cve@mitre.org
26	http://www.securityfocus.com/bid/25159	cve@mitre.org
27	http://www.ubuntu.com/usn/usn-455-1	cve@mitre.org
28	http://www.vupen.com/english/advisories/2007/2732	cve@mitre.org
29	https://issues.rpath.com/browse/RPL-1268	cve@mitre.org
30	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245	cve@mitre.org
31	http://docs.info.apple.com/article.html?artnum=306172	af854a3a-2127-422b-91ae-364da2661108
32	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
33	http://rhn.redhat.com/errata/RHSA-2007-0155.html	af854a3a-2127-422b-91ae-364da2661108
34	http://secunia.com/advisories/24909	af854a3a-2127-422b-91ae-364da2661108
35	http://secunia.com/advisories/24924	af854a3a-2127-422b-91ae-364da2661108
36	http://secunia.com/advisories/24945	af854a3a-2127-422b-91ae-364da2661108
37	http://secunia.com/advisories/24965	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/25056	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/25057	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/25062	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/25445	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/26235	af854a3a-2127-422b-91ae-364da2661108
43	http://security.gentoo.org/glsa/glsa-200705-19.xml	af854a3a-2127-422b-91ae-364da2661108
44	http://us2.php.net/releases/4_4_7.php	af854a3a-2127-422b-91ae-364da2661108
45	http://us2.php.net/releases/5_2_2.php	af854a3a-2127-422b-91ae-364da2661108
46	http://www.debian.org/security/2007/dsa-1283	af854a3a-2127-422b-91ae-364da2661108
47	http://www.mandriva.com/security/advisories?name=MDKSA-2007:088	af854a3a-2127-422b-91ae-364da2661108
48	http://www.mandriva.com/security/advisories?name=MDKSA-2007:089	af854a3a-2127-422b-91ae-364da2661108
49	http://www.mandriva.com/security/advisories?name=MDKSA-2007:090	af854a3a-2127-422b-91ae-364da2661108
50	http://www.novell.com/linux/security/advisories/2007_32_php.html	af854a3a-2127-422b-91ae-364da2661108
51	http://www.php-security.org/MOPB/MOPB-26-2007.html	af854a3a-2127-422b-91ae-364da2661108
52	http://www.redhat.com/support/errata/RHSA-2007-0153.html	af854a3a-2127-422b-91ae-364da2661108
53	http://www.redhat.com/support/errata/RHSA-2007-0162.html	af854a3a-2127-422b-91ae-364da2661108
54	http://www.securityfocus.com/archive/1/466166/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
55	http://www.securityfocus.com/bid/23016	af854a3a-2127-422b-91ae-364da2661108
56	http://www.securityfocus.com/bid/25159	af854a3a-2127-422b-91ae-364da2661108
57	http://www.ubuntu.com/usn/usn-455-1	af854a3a-2127-422b-91ae-364da2661108
58	http://www.vupen.com/english/advisories/2007/2732	af854a3a-2127-422b-91ae-364da2661108
59	https://issues.rpath.com/browse/RPL-1268	af854a3a-2127-422b-91ae-364da2661108
60	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10245	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:php:php:4.0:::::::*
cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
cpe:2.3:a:php:php:4.0:beta1::::::
cpe:2.3:a:php:php:4.0:beta2::::::
cpe:2.3:a:php:php:4.0:beta3::::::
cpe:2.3:a:php:php:4.0:beta4::::::
cpe:2.3:a:php:php:4.0:rc1::::::
cpe:2.3:a:php:php:4.0:rc2::::::
cpe:2.3:a:php:php:4.0.0:::::::*
cpe:2.3:a:php:php:4.0.1:::::::*
cpe:2.3:a:php:php:4.0.1:patch1::::::
cpe:2.3:a:php:php:4.0.1:patch2::::::
cpe:2.3:a:php:php:4.0.2:::::::*
cpe:2.3:a:php:php:4.0.3:::::::*
cpe:2.3:a:php:php:4.0.3:patch1::::::
cpe:2.3:a:php:php:4.0.4:::::::*
cpe:2.3:a:php:php:4.0.4:patch1::::::
cpe:2.3:a:php:php:4.0.5:::::::*
cpe:2.3:a:php:php:4.0.6:::::::*
cpe:2.3:a:php:php:4.0.7:::::::*
cpe:2.3:a:php:php:4.0.7:rc1::::::
cpe:2.3:a:php:php:4.0.7:rc2::::::
cpe:2.3:a:php:php:4.0.7:rc3::::::
cpe:2.3:a:php:php:4.1.0:::::::*
cpe:2.3:a:php:php:4.1.1:::::::*
cpe:2.3:a:php:php:4.1.2:::::::*
cpe:2.3:a:php:php:4.2::dev:::::
cpe:2.3:a:php:php:4.2.0:::::::*
cpe:2.3:a:php:php:4.2.1:::::::*
cpe:2.3:a:php:php:4.2.2:::::::*
cpe:2.3:a:php:php:4.2.3:::::::*
cpe:2.3:a:php:php:4.3.0:::::::*
cpe:2.3:a:php:php:4.3.1:::::::*
cpe:2.3:a:php:php:4.3.2:::::::*
cpe:2.3:a:php:php:4.3.3:::::::*
cpe:2.3:a:php:php:4.3.4:::::::*
cpe:2.3:a:php:php:4.3.5:::::::*
cpe:2.3:a:php:php:4.3.6:::::::*
cpe:2.3:a:php:php:4.3.7:::::::*
cpe:2.3:a:php:php:4.3.8:::::::*
cpe:2.3:a:php:php:4.3.9:::::::*
cpe:2.3:a:php:php:4.3.10:::::::*
cpe:2.3:a:php:php:4.3.11:::::::*
cpe:2.3:a:php:php:4.4.0:::::::*
cpe:2.3:a:php:php:4.4.1:::::::*
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:4.4.3:::::::*
cpe:2.3:a:php:php:4.4.4:::::::*
cpe:2.3:a:php:php:4.4.5:::::::*
cpe:2.3:a:php:php:4.4.6:::::::*
cpe:2.3:a:php:php:5.0:rc1::::::
cpe:2.3:a:php:php:5.0:rc2::::::
cpe:2.3:a:php:php:5.0:rc3::::::
cpe:2.3:a:php:php:5.0.0:::::::*
cpe:2.3:a:php:php:5.0.0:beta1::::::
cpe:2.3:a:php:php:5.0.0:beta2::::::
cpe:2.3:a:php:php:5.0.0:beta3::::::
cpe:2.3:a:php:php:5.0.0:beta4::::::
cpe:2.3:a:php:php:5.0.0:rc1::::::
cpe:2.3:a:php:php:5.0.0:rc2::::::
cpe:2.3:a:php:php:5.0.0:rc3::::::
cpe:2.3:a:php:php:5.0.1:::::::*
cpe:2.3:a:php:php:5.0.2:::::::*
cpe:2.3:a:php:php:5.0.3:::::::*
cpe:2.3:a:php:php:5.0.4:::::::*
cpe:2.3:a:php:php:5.0.5:::::::*
cpe:2.3:a:php:php:5.1.0:::::::*
cpe:2.3:a:php:php:5.1.1:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*
cpe:2.3:a:php:php:5.1.3:::::::*
cpe:2.3:a:php:php:5.1.4:::::::*
cpe:2.3:a:php:php:5.1.5:::::::*
cpe:2.3:a:php:php:5.1.6:::::::*
cpe:2.3:a:php:php:5.2.0:::::::*
cpe:2.3:a:php:php:5.2.1:::::::*