Executive Summary

Informations
Name CVE-2007-2519 First vendor Publication 2007-05-22
Vendor Cve Last vendor Modification 2017-07-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2519

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 59

OpenVAS Exploits

Date Description
2011-12-16 Name : Mandriva Update for php-pear MDVSA-2011:187 (php-pear)
File : nvt/gb_mandriva_MDVSA_2011_187.nasl
2009-04-09 Name : Mandriva Update for php-pear MDKSA-2007:110 (php-pear)
File : nvt/gb_mandriva_MDKSA_2007_110.nasl
2009-03-23 Name : Ubuntu Update for php5 vulnerabilities USN-462-1
File : nvt/gb_ubuntu_USN_462_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42108 PEAR package.xml Installer Multiple Attribute Traversal Arbitrary File Overwrite

Nessus® Vulnerability Scanner

Date Description
2011-12-16 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-187.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-462-1.nasl - Type : ACT_GATHER_INFO
2007-06-05 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2007-110.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/24111
CONFIRM http://pear.php.net/advisory-20070507.txt
http://pear.php.net/news/vulnerability2.php
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:110
OSVDB http://osvdb.org/42108
SECUNIA http://secunia.com/advisories/25372
UBUNTU http://www.ubuntu.com/usn/usn-462-1
VUPEN http://www.vupen.com/english/advisories/2007/1926
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/34482

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2021-05-04 12:05:45
  • Multiple Updates
2021-04-22 01:06:19
  • Multiple Updates
2020-05-23 00:19:43
  • Multiple Updates
2017-07-29 12:02:13
  • Multiple Updates
2016-06-28 16:27:12
  • Multiple Updates
2016-04-26 16:06:05
  • Multiple Updates
2014-02-17 10:40:08
  • Multiple Updates
2013-05-11 10:25:12
  • Multiple Updates