Description
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
References (22)
Core References
Various Sources x_refsource_confirm
http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25187
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25191
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-462-1
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:102
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26048
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0355.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200705-19.xml
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2007/0017/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23813
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1295
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25318
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/34675
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24034
Release Notes x_refsource_confirm
http://us2.php.net/releases/5_2_2.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018023
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25255
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25445
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25372
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2007-0348.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
Scores
EPSS
0.0454
EPSS Percentile
89.3%
Details
CWE
CWE-119
Status
published
Products (41)
php/php
4.0.0
php/php
4.0.1 (3 CPE variants)
php/php
4.0.2
php/php
4.0.3 (2 CPE variants)
php/php
4.0.4 (2 CPE variants)
php/php
4.0.5
php/php
4.0.6
php/php
4.0.7 (4 CPE variants)
php/php
4.1.0
php/php
4.1.1
... and 31 more
Published
May 09, 2007
Tracked Since
Feb 18, 2026