5
CVE-2007-4784
- EPSS 2.55%
- Veröffentlicht 10.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.55% | 0.83 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
http://secunia.com/advisories/28658
http://secunia.com/advisories/27102
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://osvdb.org/38687
http://securityreason.com/securityalert/3114
http://www.securityfocus.com/archive/1/478627/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36458