Executive Summary
Summary | |
---|---|
Title | php5 security update |
Informations | |||
---|---|---|---|
Name | DSA-2403 | First vendor Publication | 2012-02-02 |
Vendor | Debian | Last vendor Modification | 2012-02-06 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code. This update adds packages for the oldstable distribution, which were missing from the original advisory. The problem has been fixed in version 5.2.6.dfsg.1-1+lenny16, installed into the security archive on 3 Feb 2012. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7. For the unstable distribution (sid), this problem has been fixed in version 5.3.10-1. We recommend that you upgrade your php5 packages. |
Original Source
Url : http://www.debian.org/security/2012/dsa-2403 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15306 | |||
Oval ID: | oval:org.mitre.oval:def:15306 | ||
Title: | DSA-2403-1 php5 -- code injection | ||
Description: | Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2403-1 CVE-2012-0830 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15412 | |||
Oval ID: | oval:org.mitre.oval:def:15412 | ||
Title: | DSA-2403-2 php5 -- code injection | ||
Description: | Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code. This update adds packages | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2403-2 CVE-2012-0830 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | php5 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update) File : nvt/gb_suse_2012_0426_1.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-03 (php) File : nvt/glsa_201209_03.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-041-02 php File : nvt/esoft_slk_ssa_2012_041_02.nasl |
2012-08-03 | Name : Mandriva Update for php MDVSA-2012:065 (php) File : nvt/gb_mandriva_MDVSA_2012_065.nasl |
2012-07-30 | Name : CentOS Update for php53 CESA-2012:0092 centos5 File : nvt/gb_CESA-2012_0092_php53_centos5.nasl |
2012-07-30 | Name : CentOS Update for php CESA-2012:0093 centos4 File : nvt/gb_CESA-2012_0093_php_centos4.nasl |
2012-07-30 | Name : CentOS Update for php CESA-2012:0093 centos5 File : nvt/gb_CESA-2012_0093_php_centos5.nasl |
2012-07-30 | Name : CentOS Update for php CESA-2012:0093 centos6 File : nvt/gb_CESA-2012_0093_php_centos6.nasl |
2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
2012-04-02 | Name : Fedora Update for maniadrive FEDORA-2012-1262 File : nvt/gb_fedora_2012_1262_maniadrive_fc16.nasl |
2012-04-02 | Name : Fedora Update for php FEDORA-2012-1262 File : nvt/gb_fedora_2012_1262_php_fc16.nasl |
2012-03-19 | Name : Fedora Update for php-eaccelerator FEDORA-2012-1262 File : nvt/gb_fedora_2012_1262_php-eaccelerator_fc16.nasl |
2012-02-21 | Name : Fedora Update for maniadrive FEDORA-2012-1301 File : nvt/gb_fedora_2012_1301_maniadrive_fc15.nasl |
2012-02-21 | Name : Fedora Update for php-eaccelerator FEDORA-2012-1301 File : nvt/gb_fedora_2012_1301_php-eaccelerator_fc15.nasl |
2012-02-21 | Name : Fedora Update for php FEDORA-2012-1301 File : nvt/gb_fedora_2012_1301_php_fc15.nasl |
2012-02-21 | Name : Ubuntu Update for php5 USN-1358-2 File : nvt/gb_ubuntu_USN_1358_2.nasl |
2012-02-13 | Name : Ubuntu Update for php5 USN-1358-1 File : nvt/gb_ubuntu_USN_1358_1.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2403-1 (php5) File : nvt/deb_2403_1.nasl |
2012-02-12 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php514.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2403-2 (php5) File : nvt/deb_2403_2.nasl |
2012-02-10 | Name : PHP 'php_register_variable_ex()' Remote Code Execution Vulnerability (Windows) File : nvt/gb_php_register_var_fun_arbitrary_code_exec_vuln_win.nasl |
2012-02-03 | Name : RedHat Update for php RHSA-2012:0093-01 File : nvt/gb_RHSA-2012_0093-01_php.nasl |
2012-02-03 | Name : RedHat Update for php53 RHSA-2012:0092-01 File : nvt/gb_RHSA-2012_0092-01_php53.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | generic web server hashing collision attack RuleID : 20825 - Revision : 11 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-182.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-41.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0093.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0092.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-03.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120202_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120202_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-07-05 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO |
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
2012-04-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-065.nasl - Type : ACT_GATHER_INFO |
2012-04-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-120309.nasl - Type : ACT_GATHER_INFO |
2012-03-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-8009.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote web server uses a version of PHP that is affected by a code execut... File : php_5_3_9_ace.nasl - Type : ACT_ATTACK |
2012-02-15 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-1301.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1358-2.nasl - Type : ACT_GATHER_INFO |
2012-02-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-041-02.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1358-1.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-1262.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3fd040be4f0b11e19e320025900931f8.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0092.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote web server uses a version of PHP that is affected by a code execut... File : php_5_3_10.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0093.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0092.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0093.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2403.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:30:48 |
|