PHP Printf() Function 64bit Casting Multiple Format String Vulnerabilities

Summary
PHP is prone to multiple format-string vulnerabilities due to a design error when casting 64-bit variables to 32 bits. Attackers may be able to exploit these issues to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions. These issues affect PHP versions prior to 4.4.5 and 5.2.1 running on 64-bit computers.
Solution
The vendor released versions 5.2.1 and 4.4.5 to address these issues. Please see the references for more information.
References