CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
We have discovered 128,399 live websites that are affected by CVE-2007-3806.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 128,399 live websites (1.47% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 68 versions ( 12.43% of all versions) |
Details
- Published - Jul 17, 2007
- Updated - Aug 7, 2024
CVE References
CVE-2007-3806 usage by Country
 United States | 9,260 websites |
 Taiwan | 80,866 websites |
 France | 5,966 websites |
 Germany | 5,310 websites |
 Korea, South | 4,542 websites |
 Japan | 4,280 websites |
 Russia | 2,798 websites |
 Czech Republic | 1,029 websites |
 Austria | 993 websites |
CVE-2007-3806 usage by TLD
| .com | 83,179 websites |
| .info | 4,730 websites |
| .de | 4,192 websites |
| .net | 3,877 websites |
| .ru | 2,485 websites |
| .org | 2,118 websites |
| .fr | 1,594 websites |
| .jp | 1,426 websites |
| .cz | 893 websites |
| .ch | 797 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2007-3806
Top websites that are affected by CVE-2007-3806. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.***.tw | Taiwan | *,*** | |
| **********.*****.de | Germany | *,*** | |
| ***********.jp | Japan | **,*** | |
| ****.info | France | **,*** | |
| ******.com | Taiwan | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | Taiwan | **,*** | |
| ****.com | Taiwan | **,*** | |
| *****.com | Taiwan | **,*** | |
| ******.com | Taiwan | **,*** |
FAQ
A total of 128,399 websites have been identified as vulnerable to CVE-2007-3806, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2007-3806 vulnerability.
PHP versions before 5.2.3 are vulnerable to CVE-2007-3806.
Version 5.2.3 of PHP addresses the CVE-2007-3806 security vulnerability.
References
- http://secunia.com/advisories/30288
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
- http://osvdb.org/36085
- http://www.vupen.com/english/advisories/2007/2547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35437
- http://www.exploit-db.com/exploits/4181
- http://www.debian.org/security/2008/dsa-1572
- http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
- http://www.php.net/ChangeLog-5.php#5.2.4
- http://secunia.com/advisories/30158
- http://secunia.com/advisories/26085
- http://www.debian.org/security/2008/dsa-1578
- http://secunia.com/advisories/27102
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
- http://www.php.net/releases/5_2_4.php
- http://www.securityfocus.com/bid/24922
- http://www.securityfocus.com/bid/25498
- http://secunia.com/advisories/26642