CVE-2007-1380

Medium

5/10

Summary

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

References

Advisory Timeline

Published Mar 10, 2007

CVE-2007-1380

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS