CVE-2007-2748

Publication date 17 May 2007

Last updated 17 July 2025

Ubuntu priority

Description

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	7.04 feisty	Fixed 5.2.1-0ubuntu1.4
	6.10 edgy	Fixed 5.1.6-1ubuntu2.6
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.9

How can I get the fixes?
What do statuses mean?

Notes

kees

Ubuntu (and Debian) were not affected by this CVE. We used a correct fix to CVE-2007-1375, so this CVE was not a problem.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-2748