CVE-2007-4840 - OpenCVE

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://osvdb.org/38916
http://secunia.com/advisories/27102
http://secunia.com/advisories/27659
http://secunia.com/advisories/28658
http://secunia.com/advisories/30040
http://securityreason.com/securityalert/3122
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.securityfocus.com/archive/1/478730/100/0/threaded
http://www.securityfocus.com/archive/1/491693/100/0/threaded
https://issues.rpath.com/browse/RPL-1943

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-12T20:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-09-12T00:00:00

Link: CVE-2007-4840

JSON object: View

NVD Information

Status : Modified

Published: 2007-09-12T20:17:00.000

Modified: 2018-10-15T21:38:22.847

Link: CVE-2007-4840

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SA:2008:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1943"}, {"name": "28658", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28658"}, {"name": "GLSA-200710-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "20070906 PHP <= 5.2.4 multiple Iconv functions denial of service", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/478730/100/0/threaded"}, {"name": "30040", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30040"}, {"name": "27659", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27659"}, {"name": "3122", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3122"}, {"name": "SSRT080056", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"}, {"name": "HPSBUX02332", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"}, {"name": "27102", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27102"}, {"name": "38916", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38916"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4840", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SA:2008:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"}, {"name": "https://issues.rpath.com/browse/RPL-1943", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1943"}, {"name": "28658", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28658"}, {"name": "GLSA-200710-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"name": "20070906 PHP <= 5.2.4 multiple Iconv functions denial of service", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/478730/100/0/threaded"}, {"name": "30040", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30040"}, {"name": "27659", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27659"}, {"name": "3122", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3122"}, {"name": "SSRT080056", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"}, {"name": "HPSBUX02332", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"}, {"name": "27102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27102"}, {"name": "38916", "refsource": "OSVDB", "url": "http://osvdb.org/38916"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4840", "datePublished": "2007-09-12T20:00:00", "dateReserved": "2007-09-12T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5B6B1C7-B7B8-495E-9FE5-FF39718DC64E", "versionEndIncluding": "5.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution."}, {"lang": "es", "value": "PHP 5.2.4 y anteriores permite a usuarios locales o remotos dependiendo del contexto provocar una denegaci\u00f3n de serviciO (ca\u00edda de aplicaci\u00f3n) mediante (1) una cadena larga en el par\u00e1metro out_charset para la funci\u00f3n iconf; o una cadena larga en el par\u00e1metro charset para las funciones (2) iconv_mime_decode_headers, (3) iconv_mime_decode, o (4) iconf_strlen. NOTA: esto no podr\u00edan ser una vulnerabilidad en la mayor\u00eda de los entornos de servidor web que soportan m\u00faltiples hilos, a no ser que se pueda demostrar que estos problemas permiten ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2007-4840", "lastModified": "2018-10-15T21:38:22.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-12T20:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38916"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27102"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27659"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28658"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30040"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3122"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/478730/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/491693/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1943"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "We do not consider this to be a security issue. For more information please see\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1\nand http://www.php.net/security-note.php", "lastModified": "2007-09-13T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}