Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary

Title: php7.0 security update

Informations

Name: DSA-4353
First vendor Publication: 2018-12-10
Vendor: Debian
Last vendor Modification: 2018-12-10
Severity (Vendor): N/A
Revision: 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score: 8.5       Attack Range: Network
Cvss Impact Score: 10      Attack Complexity: Medium
Cvss Exploit Score: 6.8    Authentication: Requires single instance

Detail

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language:

  • The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images.
  • The Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request.
  • The IMAP extension performed insufficient input validation, which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.

For the stable distribution (stretch), these problems have been fixed in version 7.0.33-0+deb9u1.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.0

Original Source

Url : http://www.debian.org/security/2018/dsa-4353

CWE : Common Weakness Enumeration

%      Id       Name
20 %   CWE-476  NULL Pointer Dereference
20 %   CWE-190  Integer Overflow or Wraparound (CWE/SANS Top 25)
20 %   CWE-125  Out-of-bounds Read
20 %   CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
20 %   CWE-78   Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type          Description    Count
Application                  1
Application                  394
Application                  1
Os                           4
Os                           2

SAINT Exploits

Description
Horde Imp Unauthenticated Remote Command Execution

Nessus® Vulnerability Scanner

Date         Description
2019-01-14   Name : The remote Amazon Linux AMI host is missing a security update.
             File : ala_ALAS-2019-1147.nasl - Type : ACT_GATHER_INFO
2019-01-03   Name : The remote Fedora host is missing a security update.
             File : fedora_2018-b6072889db.nasl - Type : ACT_GATHER_INFO
2019-01-03   Name : The remote Fedora host is missing a security update.
             File : fedora_2018-791c3cfe21.nasl - Type : ACT_GATHER_INFO
2019-01-03   Name : The remote Fedora host is missing a security update.
             File : fedora_2018-7ebfe1e6f2.nasl - Type : ACT_GATHER_INFO
2019-01-03   Name : The remote Fedora host is missing a security update.
             File : fedora_2018-dfe1f0bac6.nasl - Type : ACT_GATHER_INFO
2018-12-17   Name : The remote Debian host is missing a security update.
             File : debian_DLA-1608.nasl - Type : ACT_GATHER_INFO
2018-12-11   Name : The remote Debian host is missing a security-related update.
             File : debian_DSA-4353.nasl - Type : ACT_GATHER_INFO
2018-12-03   Name : The remote Gentoo host is missing one or more security-related patches.
             File : gentoo_GLSA-201812-01.nasl - Type : ACT_GATHER_INFO
2018-10-19   Name : The remote Amazon Linux AMI host is missing a security update.
             File : ala_ALAS-2018-1090.nasl - Type : ACT_GATHER_INFO
2018-09-24   Name : The remote Fedora host is missing a security update.
             File : fedora_2018-25100b492c.nasl - Type : ACT_GATHER_INFO
2018-09-20   Name : The remote Debian host is missing a security update.
             File : debian_DLA-1509.nasl - Type : ACT_GATHER_INFO
2018-09-04   Name : The remote Debian host is missing a security update.
             File : debian_DLA-1490.nasl - Type : ACT_GATHER_INFO
2018-08-24   Name : The remote Amazon Linux AMI host is missing a security update.
             File : ala_ALAS-2018-1066.nasl - Type : ACT_GATHER_INFO
2018-08-24   Name : The remote Amazon Linux AMI host is missing a security update.
             File : ala_ALAS-2018-1067.nasl - Type : ACT_GATHER_INFO

Alert History

Date                  Informations
2019-02-04 21:21:35   Multiple Updates
2018-12-11 00:18:22   First insertion