CVE-2007-1399 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pecl Zip	1.8.3
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:pecl_zip:1.8.3::::::::
	cpe:2.3:a:php:php:5.2.0:::::::*
	cpe:2.3:a:php:php:5.2.1:::::::*

No data.

References

Link	Providers
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
http://secunia.com/advisories/24471
http://secunia.com/advisories/24514
http://secunia.com/advisories/25938
http://www.debian.org/security/2007/dsa-1330
http://www.osvdb.org/32782
http://www.php-security.org/MOPB/MOPB-16-2007.html
http://www.securityfocus.com/bid/22883
http://www.vupen.com/english/advisories/2007/0898
https://exchange.xforce.ibmcloud.com/vulnerabilities/32889

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.30114}`	epss `{'score': 0.37109}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-10T22:00:00

Updated: 2024-08-07T12:50:35.275Z

Reserved: 2007-03-10T00:00:00

Link: CVE-2007-1399

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-10T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1399

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"name": "24514", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24514"}, {"name": "32782", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32782"}, {"name": "22883", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22883"}, {"name": "SUSE-SA:2007:020", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"name": "DSA-1330", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1330"}, {"name": "ADV-2007-0898", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"name": "24471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24471"}, {"name": "pecl-url-wrapper-bo(32889)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"name": "25938", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25938"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1399", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.php-security.org/MOPB/MOPB-16-2007.html", "refsource": "MISC", "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"name": "24514", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24514"}, {"name": "32782", "refsource": "OSVDB", "url": "http://www.osvdb.org/32782"}, {"name": "22883", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22883"}, {"name": "SUSE-SA:2007:020", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"name": "DSA-1330", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1330"}, {"name": "ADV-2007-0898", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"name": "24471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24471"}, {"name": "pecl-url-wrapper-bo(32889)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"name": "25938", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25938"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.275Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"name": "24514", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24514"}, {"name": "32782", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32782"}, {"name": "22883", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22883"}, {"name": "SUSE-SA:2007:020", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"name": "DSA-1330", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1330"}, {"name": "ADV-2007-0898", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"name": "24471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24471"}, {"name": "pecl-url-wrapper-bo(32889)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"name": "25938", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25938"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1399", "datePublished": "2007-03-10T22:00:00", "dateReserved": "2007-03-10T00:00:00", "dateUpdated": "2024-08-07T12:50:35.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pecl_zip:1.8.3:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E5644BE-E229-41B6-ACBB-C613740A2C6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el envoltorio (wrapper) de URL zip:// en PECL ZIP 1.8.3 y anteriores, como ha sido incluido en PHP 5.2.0 y 5.2.1, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una URL zip:// larga, como ha sido demostrado accediendo activamente a la URL desde un int\u00e9rprete PHP remoto mediante una subida avatar o notificaci\u00f3n de que el blog ha sido enlazado (blog pingback)."}], "id": "CVE-2007-1399", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-10T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24471"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24514"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25938"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1330"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32782"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22883"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25938"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1330"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32782"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.php-security.org/MOPB/MOPB-16-2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0898"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32889"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. The zip extension was not shipped in versions of PHP \nprovided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\nRed Hat Application Stack 1.", "lastModified": "2007-04-16T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}