Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-41ca-da3r-aufr

Summary

PHP contains several vulnerabilities including a heap buffer overflow,
    potentially leading to the remote execution of arbitrary code under certain
    conditions.

Aliases

alias	CVE-2007-0908

Fixed_packages

url	pkg:ebuild/dev-lang/php@5.2.1-r3
purl	pkg:ebuild/dev-lang/php@5.2.1-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.2.1-r3

Affected_packages

url pkg:rpm/redhat/php@4.1.2-2?arch=14

purl pkg:rpm/redhat/php@4.1.2-2?arch=14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41ca-da3r-aufr

vulnerability	VCID-51uw-rhq6-q3fx

vulnerability	VCID-58h4-t4ym-ybe7

vulnerability	VCID-9y94-qc58-hqdu

vulnerability	VCID-f32h-wt19-vqbc

vulnerability	VCID-k9c3-pumr-xffr

vulnerability	VCID-rfk2-yaxz-bqeu

vulnerability	VCID-tcu4-hqs3-vqcq

vulnerability	VCID-wrjc-wq1y-73ga

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@4.1.2-2%3Farch=14

url pkg:rpm/redhat/php@4.3.2-39?arch=ent

purl pkg:rpm/redhat/php@4.3.2-39?arch=ent

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41ca-da3r-aufr

vulnerability	VCID-51uw-rhq6-q3fx

vulnerability	VCID-58h4-t4ym-ybe7

vulnerability	VCID-9y94-qc58-hqdu

vulnerability	VCID-f32h-wt19-vqbc

vulnerability	VCID-k9c3-pumr-xffr

vulnerability	VCID-rfk2-yaxz-bqeu

vulnerability	VCID-tcu4-hqs3-vqcq

vulnerability	VCID-wrjc-wq1y-73ga

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@4.3.2-39%3Farch=ent

url pkg:rpm/redhat/php@4.3.9-3.22?arch=3

purl pkg:rpm/redhat/php@4.3.9-3.22?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41ca-da3r-aufr

vulnerability	VCID-51uw-rhq6-q3fx

vulnerability	VCID-58h4-t4ym-ybe7

vulnerability	VCID-9y94-qc58-hqdu

vulnerability	VCID-f32h-wt19-vqbc

vulnerability	VCID-k9c3-pumr-xffr

vulnerability	VCID-rfk2-yaxz-bqeu

vulnerability	VCID-tcu4-hqs3-vqcq

vulnerability	VCID-wrjc-wq1y-73ga

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@4.3.9-3.22%3Farch=3

url pkg:rpm/redhat/php@5.1.6-3.el4s1?arch=5

purl pkg:rpm/redhat/php@5.1.6-3.el4s1?arch=5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41ca-da3r-aufr

vulnerability	VCID-51uw-rhq6-q3fx

vulnerability	VCID-58h4-t4ym-ybe7

vulnerability	VCID-9y94-qc58-hqdu

vulnerability	VCID-f32h-wt19-vqbc

vulnerability	VCID-k9c3-pumr-xffr

vulnerability	VCID-rfk2-yaxz-bqeu

vulnerability	VCID-tcu4-hqs3-vqcq

vulnerability	VCID-wrjc-wq1y-73ga

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-3.el4s1%3Farch=5

url pkg:rpm/redhat/php@5.1.6-7?arch=el5

purl pkg:rpm/redhat/php@5.1.6-7?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41ca-da3r-aufr

vulnerability	VCID-51uw-rhq6-q3fx

vulnerability	VCID-58h4-t4ym-ybe7

vulnerability	VCID-9y94-qc58-hqdu

vulnerability	VCID-f32h-wt19-vqbc

vulnerability	VCID-k9c3-pumr-xffr

vulnerability	VCID-rfk2-yaxz-bqeu

vulnerability	VCID-tcu4-hqs3-vqcq

vulnerability	VCID-u2gv-h542-9bbt

vulnerability	VCID-wrjc-wq1y-73ga

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-7%3Farch=el5

References

reference_url	ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
reference_id
reference_type
scores
url	ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

reference_url	http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html
reference_id
reference_type
scores
url	http://lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html

reference_url	http://osvdb.org/32766
reference_id
reference_type
scores
url	http://osvdb.org/32766

reference_url	http://rhn.redhat.com/errata/RHSA-2007-0089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2007-0089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0908.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0908.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-0908

reference_id

reference_type

scores

value	0.16535
scoring_system	epss
scoring_elements	0.94924
published_at	2026-04-21T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94873
published_at	2026-04-01T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94882
published_at	2026-04-02T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94885
published_at	2026-04-04T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94887
published_at	2026-04-07T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94896
published_at	2026-04-08T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.949
published_at	2026-04-09T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94905
published_at	2026-04-11T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94907
published_at	2026-04-12T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94909
published_at	2026-04-13T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.94916
published_at	2026-04-16T12:55:00Z

value	0.16535
scoring_system	epss
scoring_elements	0.9492
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-0908

reference_url	http://secunia.com/advisories/24089
reference_id
reference_type
scores
url	http://secunia.com/advisories/24089

reference_url	http://secunia.com/advisories/24195
reference_id
reference_type
scores
url	http://secunia.com/advisories/24195

reference_url	http://secunia.com/advisories/24217
reference_id
reference_type
scores
url	http://secunia.com/advisories/24217

reference_url	http://secunia.com/advisories/24236
reference_id
reference_type
scores
url	http://secunia.com/advisories/24236

reference_url	http://secunia.com/advisories/24248
reference_id
reference_type
scores
url	http://secunia.com/advisories/24248

reference_url	http://secunia.com/advisories/24284
reference_id
reference_type
scores
url	http://secunia.com/advisories/24284

reference_url	http://secunia.com/advisories/24295
reference_id
reference_type
scores
url	http://secunia.com/advisories/24295

reference_url	http://secunia.com/advisories/24322
reference_id
reference_type
scores
url	http://secunia.com/advisories/24322

reference_url	http://secunia.com/advisories/24419
reference_id
reference_type
scores
url	http://secunia.com/advisories/24419

reference_url	http://secunia.com/advisories/24421
reference_id
reference_type
scores
url	http://secunia.com/advisories/24421

reference_url	http://secunia.com/advisories/24432
reference_id
reference_type
scores
url	http://secunia.com/advisories/24432

reference_url	http://secunia.com/advisories/24514
reference_id
reference_type
scores
url	http://secunia.com/advisories/24514

reference_url	http://secunia.com/advisories/24606
reference_id
reference_type
scores
url	http://secunia.com/advisories/24606

reference_url	http://secunia.com/advisories/24642
reference_id
reference_type
scores
url	http://secunia.com/advisories/24642

reference_url	http://security.gentoo.org/glsa/glsa-200703-21.xml
reference_id
reference_type
scores
url	http://security.gentoo.org/glsa/glsa-200703-21.xml

reference_url	http://securityreason.com/securityalert/2321
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/2321

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/32493
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/32493

reference_url	https://issues.rpath.com/browse/RPL-1088
reference_id
reference_type
scores
url	https://issues.rpath.com/browse/RPL-1088

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11185
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11185

reference_url	http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm
reference_id
reference_type
scores
url	http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm

reference_url	http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm
reference_id
reference_type
scores
url	http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm

reference_url	http://www.mandriva.com/security/advisories?name=MDKSA-2007:048
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDKSA-2007:048

reference_url	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html
reference_id
reference_type
scores
url	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html

reference_url	http://www.php.net/ChangeLog-5.php#5.2.1
reference_id
reference_type
scores
url	http://www.php.net/ChangeLog-5.php#5.2.1

reference_url	http://www.php.net/releases/5_2_1.php
reference_id
reference_type
scores
url	http://www.php.net/releases/5_2_1.php

reference_url	http://www.php-security.org/MOPB/MOPB-11-2007.html
reference_id
reference_type
scores
url	http://www.php-security.org/MOPB/MOPB-11-2007.html

reference_url	http://www.redhat.com/support/errata/RHSA-2007-0076.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2007-0076.html

reference_url	http://www.redhat.com/support/errata/RHSA-2007-0081.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2007-0081.html

reference_url	http://www.redhat.com/support/errata/RHSA-2007-0082.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2007-0082.html

reference_url	http://www.redhat.com/support/errata/RHSA-2007-0088.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2007-0088.html

reference_url	http://www.securityfocus.com/archive/1/461462/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/461462/100/0/threaded

reference_url	http://www.securityfocus.com/bid/22496
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/22496

reference_url	http://www.securityfocus.com/bid/22806
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/22806

reference_url	http://www.securitytracker.com/id?1017671
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1017671

reference_url	http://www.trustix.org/errata/2007/0009/
reference_id
reference_type
scores
url	http://www.trustix.org/errata/2007/0009/

reference_url	http://www.ubuntu.com/usn/usn-424-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-424-1

reference_url	http://www.ubuntu.com/usn/usn-424-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-424-2

reference_url	http://www.us.debian.org/security/2007/dsa-1264
reference_id
reference_type
scores
url	http://www.us.debian.org/security/2007/dsa-1264

reference_url	http://www.vupen.com/english/advisories/2007/0546
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2007/0546

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1618282
reference_id	1618282
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1618282

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::
reference_id	cpe:2.3:a:php:php::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:::::::*
reference_id	cpe:2.3:a:php:php:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta1::::::
reference_id	cpe:2.3:a:php:php:4.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta2::::::
reference_id	cpe:2.3:a:php:php:4.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta3::::::
reference_id	cpe:2.3:a:php:php:4.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta4::::::
reference_id	cpe:2.3:a:php:php:4.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
reference_id	cpe:2.3:a:php:php:4.0:beta_4_patch1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:beta_4_patch1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:rc1::::::
reference_id	cpe:2.3:a:php:php:4.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:rc2::::::
reference_id	cpe:2.3:a:php:php:4.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:4.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/3414.php
reference_id	CVE-2007-0908
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/3414.php

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-0908

reference_id

CVE-2007-0908

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2007-0908

reference_url	https://security.gentoo.org/glsa/200703-21
reference_id	GLSA-200703-21
reference_type
scores
url	https://security.gentoo.org/glsa/200703-21

reference_url	https://access.redhat.com/errata/RHSA-2007:0076
reference_id	RHSA-2007:0076
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0076

reference_url	https://access.redhat.com/errata/RHSA-2007:0081
reference_id	RHSA-2007:0081
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0081

reference_url	https://access.redhat.com/errata/RHSA-2007:0082
reference_id	RHSA-2007:0082
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0082

reference_url	https://access.redhat.com/errata/RHSA-2007:0088
reference_id	RHSA-2007:0088
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0088

reference_url	https://access.redhat.com/errata/RHSA-2007:0089
reference_id	RHSA-2007:0089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2007:0089

reference_url	https://usn.ubuntu.com/424-1/
reference_id	USN-424-1
reference_type
scores
url	https://usn.ubuntu.com/424-1/

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

date_added	2007-03-03
description	PHP < 4.4.5/5.2.1 - WDDX Session Deserialization Information Leak
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2007-03-04
exploit_type	local
platform	multiple
source_date_updated	2016-09-27
data_source	Exploit-DB
source_url

Severity_range_score 5.0 - 5.0

Exploitability 2.0

Weighted_severity 4.5

Risk_score 9.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41ca-da3r-aufr

Vulnerability Instance