Executive Summary
Summary | |
---|---|
Title | PHP: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-200710-02 | First vendor Publication | 2007-10-07 |
Vendor | Gentoo | Last vendor Modification | 2007-10-07 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Background Description Stefan Esser discovered an error in the zend_alter_ini_entry() function handling a memory_limit violation (CVE-2007-4659). Stefan Esser also discovered a flaw when handling interruptions with userspace error handlers that can be exploited to read arbitrary heap memory Stefan Esser reported incorrect validation in the FILTER_VALIDATE_EMAIL filter of the Filter extension allowing arbitrary email header injection (CVE-2007-1900). NOTE: This CVE was referenced, but not fixed in GLSA 200705-19. Stanislav Malyshev found an error with unknown impact in the money_format() function when processing "%i" and "%n" tokens Several vulnerabilities that allow bypassing of open_basedir and other restrictions were reported, including the glob() function Multiple Denial of Service vulnerabilities were discovered, including a long "library" parameter in the dl() function (CVE-2007-4887), in several iconv and xmlrpc functions (CVE-2007-4840 and CVE-2007-4783), in the setlocale() function (CVE-2007-4784), in the glob() and fnmatch() function (CVE-2007-4782 and CVE-2007-3806), a floating point exception in the wordwrap() function (CVE-2007-3998), a stack exhaustion via deeply nested arrays (CVE-2007-4670), an infinite loop caused by a specially crafted PNG image in the png_read_info() function of libpng (CVE-2007-2756) and several issues related to array conversion. Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200710-02.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200710-02.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-20 | Improper Input Validation |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
8 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
4 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
4 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
4 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17679 | |||
Oval ID: | oval:org.mitre.oval:def:17679 | ||
Title: | USN-557-1 -- libgd2 vulnerability | ||
Description: | Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-557-1 CVE-2007-3996 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | libgd2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18620 | |||
Oval ID: | oval:org.mitre.oval:def:18620 | ||
Title: | DSA-1362-1 lighttpd - several vulnerabilities | ||
Description: | Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1362-1 CVE-2007-3946 CVE-2007-3947 CVE-2007-3949 CVE-2007-3950 CVE-2007-4727 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | lighttpd |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19944 | |||
Oval ID: | oval:org.mitre.oval:def:19944 | ||
Title: | DSA-1283-1 php5 | ||
Description: | Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1283-1 CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20198 | |||
Oval ID: | oval:org.mitre.oval:def:20198 | ||
Title: | DSA-1444-1 php5 several issues | ||
Description: | It was discovered that the patch for <a href="http://security-tracker.debian.org/tracker/CVE-2007-4659">CVE-2007-4659</a> could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1444-1 CVE-2007-3799 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4660 CVE-2007-4662 CVE-2007-5898 CVE-2007-5899 CVE-2007-4659 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5348 | |||
Oval ID: | oval:org.mitre.oval:def:5348 | ||
Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
Description: | Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1887 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5767 | |||
Oval ID: | oval:org.mitre.oval:def:5767 | ||
Title: | HP-UX Running Apache, Remote Execution of Arbitrary Code | ||
Description: | The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4887 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6056 | |||
Oval ID: | oval:org.mitre.oval:def:6056 | ||
Title: | HP-UX Running Apache, Remote Execution of Arbitrary Code | ||
Description: | The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3378 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6067 | |||
Oval ID: | oval:org.mitre.oval:def:6067 | ||
Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
Description: | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1900 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7538 | |||
Oval ID: | oval:org.mitre.oval:def:7538 | ||
Title: | DSA-1444 php5 -- several vulnerabilities | ||
Description: | It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA. For reference the original advisory below: Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the session_start() function allowed the insertion of attributes into the session cookie. Mattias Bengtsson and Philip Olausson discovered that a programming error in the implementation of the wordwrap() function allowed denial of service through an infinite loop. Stanislav Malyshev discovered that a format string vulnerability in the money_format() function could allow the execution of arbitrary code. Stefan Esser discovered that execution control flow inside the zend_alter_ini_entry() function is handled incorrectly in case of a memory limit violation. Gerhard Wagner discovered an integer overflow inside the chunk_split() function. Rasmus Lerdorf discovered that incorrect parsing of multibyte sequences may lead to disclosure of memory contents. It was discovered that the output_add_rewrite_var() function could leak session ID information, resulting in information disclosure. This update also fixes two bugs from the PHP 5.2.4 release which don't have security impact according to the Debian PHP security policy (CVE-2007-4657 and CVE-2007-4662), but which are fixed nonetheless. The old stable distribution (sarge) doesn't contain php5. For the stable distribution (etch), these problems have been fixed in version 5.2.0-8+etch10. For the unstable distribution (sid), these problems have been fixed in version 5.2.4-1, with the exception of CVE-2007-5898 and CVE-2007-5899, which will be fixed soon. Please note that Debian's version of PHP is hardened with the Suhosin patch beginning with version 5.2.4-1, which renders several vulnerabilities ineffective. We recommend that you upgrade your php5 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1444 CVE-2007-3799 CVE-2007-3998 CVE-2007-4657 CVE-2007-4658 CVE-2007-4660 CVE-2007-4662 CVE-2007-5898 CVE-2007-5899 CVE-2007-4659 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2007-09-10 | PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.5 File : nvt/nopsec_php_5_2_5.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.4 File : nvt/nopsec_php_5_2_4.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.3 File : nvt/nopsec_php_5_2_3.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.8 File : nvt/nopsec_php_4_4_8.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl |
2010-04-21 | Name : PHP sqlite_udf_decode_binary() Function Buffer Overflow Vulnerability File : nvt/gb_php_23235.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:264 (gd) File : nvt/mdksa_2009_264.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015662.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5012110.nasl |
2009-10-10 | Name : SLES9: Security update for gd File : nvt/sles9p5009393.nasl |
2009-06-05 | Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl |
2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
2009-05-05 | Name : HP-UX Update for Apache With PHP HPSBUX02332 File : nvt/gb_hp_ux_HPSBUX02332.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02308 File : nvt/gb_hp_ux_HPSBUX02308.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:187 (php) File : nvt/gb_mandriva_MDKSA_2007_187.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:126 (php) File : nvt/gb_mandriva_MDVSA_2008_126.nasl |
2009-04-09 | Name : Mandriva Update for tetex MDKSA-2007:124 (tetex) File : nvt/gb_mandriva_MDKSA_2007_124.nasl |
2009-04-09 | Name : Mandriva Update for libwmf MDKSA-2007:123 (libwmf) File : nvt/gb_mandriva_MDKSA_2007_123.nasl |
2009-04-09 | Name : Mandriva Update for gd MDKSA-2007:122 (gd) File : nvt/gb_mandriva_MDKSA_2007_122.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:089 (php) File : nvt/gb_mandriva_MDKSA_2007_089.nasl |
2009-03-23 | Name : Ubuntu Update for libgd2 vulnerability USN-557-1 File : nvt/gb_ubuntu_USN_557_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-549-2 File : nvt/gb_ubuntu_USN_549_2.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-549-1 File : nvt/gb_ubuntu_USN_549_1.nasl |
2009-03-23 | Name : Ubuntu Update for libgd2 vulnerabilities USN-473-1 File : nvt/gb_ubuntu_USN_473_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-455-1 File : nvt/gb_ubuntu_USN_455_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0545-01 File : nvt/gb_RHSA-2008_0545-01_php.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0544-01 File : nvt/gb_RHSA-2008_0544-01_php.nasl |
2009-03-06 | Name : RedHat Update for gd RHSA-2008:0146-01 File : nvt/gb_RHSA-2008_0146-01_gd.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 i386 File : nvt/gb_CESA-2008_0544_php_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for gd CESA-2008:0146 centos4 x86_64 File : nvt/gb_CESA-2008_0146_gd_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for gd CESA-2008:0146 centos4 i386 File : nvt/gb_CESA-2008_0146_gd_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 x86_64 File : nvt/gb_CESA-2008_0544_php_centos3_x86_64.nasl |
2009-02-27 | Name : Fedora Update for lighttpd FEDORA-2007-2132 File : nvt/gb_fedora_2007_2132_lighttpd_fc7.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-2215 File : nvt/gb_fedora_2007_2215_php_fc7.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-709 File : nvt/gb_fedora_2007_709_php_fc6.nasl |
2009-02-17 | Name : Fedora Update for php FEDORA-2008-3864 File : nvt/gb_fedora_2008_3864_php_fc8.nasl |
2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:032 File : nvt/gb_suse_2007_032.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:022 (php) File : nvt/mdksa_2009_022.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:023 (php) File : nvt/mdksa_2009_023.nasl |
2009-01-23 | Name : SuSE Update for php4, php5 SUSE-SA:2008:004 File : nvt/gb_suse_2008_004.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-05 (gd) File : nvt/glsa_200708_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-13 (ptex) File : nvt/glsa_200805_13.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-02 (php) File : nvt/glsa_200710_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-16 (lighttpd) File : nvt/glsa_200709_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-19 (php) File : nvt/glsa_200705_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-34 (cstetex) File : nvt/glsa_200711_34.nasl |
2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php51.nasl |
2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php50.nasl |
2008-09-04 | Name : FreeBSD Ports: lighttpd File : nvt/freebsd_lighttpd0.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1613-1 (libgd2) File : nvt/deb_1613_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1572-1 (php5) File : nvt/deb_1572_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1578-1 (php4) File : nvt/deb_1578_1.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1444-2 (php5) File : nvt/deb_1444_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1362-2 (lighttpd) File : nvt/deb_1362_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1444-1 (php5) File : nvt/deb_1444_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1283-1 (php5) File : nvt/deb_1283_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-152-01 php5 File : nvt/esoft_slk_ssa_2007_152_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-314-01 php File : nvt/esoft_slk_ssa_2007_314_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-045-03 php File : nvt/esoft_slk_ssa_2008_045_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58616 | PHP string.c chunk_split Function Unspecified Overflow |
45902 | PHP dl Function Traversal open_basedir Restriction Bypass |
45874 | PHP chunk_split Function Unspecified Issue |
38917 | PHP iconv_substr Function Multiple Parameter Remote DoS |
38916 | PHP Multiple Iconv* Function DoS |
38688 | PHP glibc Implementation glob() Function Overflow |
38687 | PHP glibc Implementation setlocale() Function Overflow |
38686 | PHP glibc Implementation fnmatch() Function Overflow |
38684 | PHP dl() MAXPATHLEN Argument Size Handling Weakness |
38188 | PHP glob Function Unspecified Traversal open_basedir Restriction Bypass |
36933 | lighttpd mod_fastcgi HTTP Request Header Overflow |
36870 | PHP libgd Multiple Functions Overflow |
36869 | PHP Multiple Function .htaccess php_value Directive Arbitrary Command Execution |
36868 | PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass |
36867 | PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass |
36866 | PHP Session File Symlink open_basedir Restriction Bypass |
36865 | PHP money_format Function Unspecified Issue |
36864 | PHP zend_alter_ini_entry Function Unspecified Issue |
36863 | PHP Unspecified Issue (Zend Engine) |
36862 | PHP strcspn Function Overflow |
36861 | PHP strspn Function Overflow |
36859 | PHP php_openssl_make_REQ Function Overflow |
36858 | PHP wordwrap Function breakcharlen Variable DoS |
36643 | GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Data Handl... |
36085 | PHP glob() Function flags Parameter Memory Corruption |
36084 | PHP realpath() Function Security Restriction Bypass |
36083 | PHP chunk_split Function Multiple Argument Overflows |
35788 | GD Graphics Library (libgd) gdPngReadData() Function Truncated PNG Handling DoS |
33962 | PHP ext/filter FILTER_VALIDATE_EMAIL Newline Injection PHP's ext/filter extension contains a flaw that may allow a malicious user to inject specially crafted mail headers. The issue is triggered due to the FILTER_VALIDATE_EMAIL function using an incorrect regular expression which can be trivially bypassed. By using a newline character, an attacker could potentially use this to send unsolicited e-mail from the host. |
33958 | PHP sqlite Library sqlite_udf_decode_binary() Function Overflow PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the in parameter of the sqlite_decode_binary function in the bundled sqlite library not properly sanitizing user-supplied input. By supplying crafted input, an attacker can trigger a buffer overflow and potentially execute arbitrary code. |
33954 | PHP iptcembed() Function Interruption Arbitrary Memory Disclosure PHP contains a flaw that may allow a context-dependent attacker to gain access to sensitive information. The issue is due to the iptcembed function not properly handling user-supplied input. If an attacker can force an interruption that triggers a user space error handler that changes a parameter, they may be able to gain access to arbitrary portions of the system memory. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt RuleID : 17386 - Revision : 10 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-05-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-120-01.nasl - Type : ACT_GATHER_INFO |
2015-10-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-604.nasl - Type : ACT_GATHER_INFO |
2015-07-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ca139c7f2a8c11e5a4a5002590263bf5.nasl - Type : ACT_GATHER_INFO |
2014-11-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15885.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080228_gd_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12049.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-022.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-720-1.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO |
2008-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1613.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO |
2008-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1578.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1572.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
2008-02-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0146.nasl - Type : ACT_GATHER_INFO |
2008-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-045-03.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4810.nasl - Type : ACT_GATHER_INFO |
2008-01-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1444.nasl - Type : ACT_GATHER_INFO |
2008-01-03 | Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_8.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-4808.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-557-1.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gd-3748.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-2.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-549-1.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_392b5b1d947111dc9db7001c2514716c.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-314-01.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_5.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-473-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-455-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2132.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0888.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_lighttpd-4532.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gd-3747.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gd-3700.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-16.nasl - Type : ACT_GATHER_INFO |
2007-09-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO |
2007-09-17 | Name : The remote web server is affected by a buffer overflow vulnerability. File : lighttpd_fastcgi_overflow.nasl - Type : ACT_ATTACK |
2007-09-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4b673ae75f9a11dc84dd000102cc8983.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1362.nasl - Type : ACT_GATHER_INFO |
2007-09-03 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_4.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-05.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-122.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-123.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-124.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO |
2007-06-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_3.nasl - Type : ACT_GATHER_INFO |
2007-05-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO |
2007-05-04 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_7_or_5_2_2.nasl - Type : ACT_GATHER_INFO |
2007-04-30 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-089.nasl - Type : ACT_GATHER_INFO |
2007-04-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1283.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:35:08 |
|