{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2007-1522","title":"Title"},{"category":"description","text":"Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2007-1522","url":"https://www.suse.com/security/cve/CVE-2007-1522"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 254869 for CVE-2007-1522","url":"https://bugzilla.suse.com/254869"},{"category":"external","summary":"Advisory link for SUSE-SA:2007:032","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M75ZIKIOUJ3WNJG5KO3CLT2MDTWAXZSZ/#M75ZIKIOUJ3WNJG5KO3CLT2MDTWAXZSZ"}],"title":"SUSE CVE CVE-2007-1522","tracking":{"current_release_date":"2023-12-09T03:41:04Z","generator":{"date":"2023-02-15T06:12:38Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2007-1522","initial_release_date":"2023-02-15T06:12:38Z","revision_history":[{"date":"2023-02-15T06:12:38Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:19:09Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:41:04Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}