CVE-2007-1285

HIGH

PHP 4.x < 4.4.7 and 5.x < 5.2.2 - Denial of Service via Deeply Nested Arrays

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1285. PoCs published by Stefan Esser.

AI-analyzed exploit summary This exploit leverages a PHP denial-of-service vulnerability by crafting a malicious POST request with a large number of nested arrays, causing PHP to crash due to improper input sanitization.

Description

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefan Esser · textdosphp
https://www.exploit-db.com/exploits/29692

This exploit leverages a PHP denial-of-service vulnerability by crafting a malicious POST request with a large number of nested arrays, causing PHP to crash due to improper input sanitization.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: PHP (all versions)
No auth needed
Prerequisites: Ability to send HTTP POST requests to the target server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (38)

Core 38
Core References
Exploit, Issue Tracking x_refsource_confirm
https://launchpad.net/bugs/173043
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22764
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0154.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26048
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466166/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200705-19.xml
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24941
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27864
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0162.html
Release Notes x_refsource_confirm
http://us2.php.net/releases/4_4_7.php
Release Notes x_refsource_confirm
http://www.php.net/releases/4_4_8.php
Release Notes x_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.2.4
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28936
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:090
Broken Link, Exploit, Vendor Advisory x_refsource_misc
http://www.php-security.org/MOPB/MOPB-03-2007.html
Broken Link vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/549-1/
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24909
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:087
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24945
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-1268
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/32769
Release Notes x_refsource_confirm
http://us2.php.net/releases/5_2_2.php
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017771
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0082.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24924
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0155.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24910
Release Notes x_refsource_confirm
http://www.php.net/ChangeLog-4.php
Release Notes x_refsource_confirm
http://www.php.net/releases/5_2_4.php
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:089
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25445
Broken Link vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0163.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-549-2
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26642
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:088

Scores

CVSS v3 7.5
EPSS 0.1816
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-674
Status published
Products (14)
canonical/ubuntu_linux 7.10
novell/suse_linux 10.0
novell/suse_linux 10.1
php/php 4.0.0 - 4.4.7
redhat/enterprise_linux_desktop 3.0
redhat/enterprise_linux_desktop 4.0
redhat/enterprise_linux_server 2.0
redhat/enterprise_linux_server 3.0
redhat/enterprise_linux_server 4.0
redhat/enterprise_linux_workstation 2.0
... and 4 more
Published Mar 06, 2007
Tracked Since Feb 18, 2026