Vulnerabilities > CVE-2007-1584 - Remote Security vulnerability in PHP 5.2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
Exploit-Db
description PHP 5.2.0 ext/filter Space Trimming Buffer Underflow Exploit (MacOSX). CVE-2007-1584. Local exploit for osx platform id EDB-ID:3460 last seen 2016-01-31 modified 2007-03-12 published 2007-03-12 reporter Stefan Esser source https://www.exploit-db.com/download/3460/ title PHP 5.2.0 ext/filter Space Trimming Buffer Underflow Exploit MacOSX description PHP 5.2.0 header() Space Trimming Buffer Underflow Exploit (MacOSX). CVE-2007-1584. Local exploit for osx platform file exploits/osx/local/3517.php id EDB-ID:3517 last seen 2016-01-31 modified 2007-03-19 platform osx port published 2007-03-19 reporter Stefan Esser source https://www.exploit-db.com/download/3517/ title PHP 5.2.0 header Space Trimming Buffer Underflow Exploit MacOSX type local
Nessus
| NASL family | CGI abuses |
| NASL id | PHP_5_2_0.NASL |
| description | According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 31649 |
| published | 2008-03-25 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/31649 |
| title | PHP 5.x < 5.2 Multiple Vulnerabilities |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-05-01 |
| organization | Red Hat |
| statement | This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0907. |