{
  "bugzilla" : {
    "description" : "php session extension refcount handling issue",
    "id" : "240167",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=240167"
  },
  "details" : [ "The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable." ],
  "statement" : "The PHP interpreter does not offer a reliable \"sandboxed\" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.\nThis CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0910.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-1700\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-1700" ],
  "name" : "CVE-2007-1700",
  "csaw" : false
}