10 - GLSA-200811-05

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	PHP: Multiple vulnerabilities

Informations
Name	GLSA-200811-05	First vendor Publication	2008-11-16
Vendor	Gentoo	Last vendor Modification	2008-11-16
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code.

Background

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Description

Several vulnerabilitites were found in PHP:

* PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution in case of an application which accepts user-supplied regular expressions (CVE-2008-0674).

* Multiple crash issues in several PHP functions have been discovered.

* Ryan Permeh reported that the init_request_info() function in sapi/cgi/cgi_main.c does not properly consider operator precedence when calculating the length of PATH_TRANSLATED (CVE-2008-0599).

* An off-by-one error in the metaphone() function may lead to memory corruption.

* Maksymilian Arciemowicz of SecurityReason Research reported an integer overflow, which is triggerable using printf() and related functions (CVE-2008-1384).

* Andrei Nigmatulin reported a stack-based buffer overflow in the FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050).

* Stefan Esser reported that PHP does not correctly handle multibyte characters inside the escapeshellcmd() function, which is used to sanitize user input before its usage in shell commands (CVE-2008-2051).

* Stefan Esser reported that a short-coming in PHP's algorithm of seeding the random number generator might allow for predictible random numbers (CVE-2008-2107, CVE-2008-2108).

* The IMAP extension in PHP uses obsolete c-client API calls making it vulnerable to buffer overflows as no bounds checking can be done (CVE-2008-2829).

* Tavis Ormandy reported a heap-based buffer overflow in pcre_compile.c in the PCRE version shipped by PHP when processing user-supplied regular expressions (CVE-2008-2371).

* CzechSec reported that specially crafted font files can lead to an overflow in the imageloadfont() function in ext/gd/gd.c, which is part of the GD extension (CVE-2008-3658).

* Maksymilian Arciemowicz of SecurityReason Research reported that a design error in PHP's stream wrappers allows to circumvent safe_mode checks in several filesystem-related PHP functions (CVE-2008-2665,
CVE-2008-2666).

* Laurent Gaffie discovered a buffer overflow in the internal memnstr() function, which is used by the PHP function explode()
(CVE-2008-3659).

* An error in the FastCGI SAPI when processing a request with multiple dots preceding the extension (CVE-2008-3660).

Impact

These vulnerabilities might allow a remote attacker to execute arbitrary code, to cause a Denial of Service, to circumvent security restrictions, to disclose information, and to manipulate files.

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.6-r6"

References

[ 1 ] CVE-2008-0599 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
[ 2 ] CVE-2008-0674 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
[ 3 ] CVE-2008-1384 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384
[ 4 ] CVE-2008-2050 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050
[ 5 ] CVE-2008-2051 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
[ 6 ] CVE-2008-2107 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
[ 7 ] CVE-2008-2108 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
[ 8 ] CVE-2008-2371 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
[ 9 ] CVE-2008-2665 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
[ 10 ] CVE-2008-2666 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
[ 11 ] CVE-2008-2829 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
[ 12 ] CVE-2008-3658 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
[ 13 ] CVE-2008-3659 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
[ 14 ] CVE-2008-3660 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200811-05.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200811-05.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-3	Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7	Blind SQL Injection
CAPEC-8	Buffer Overflow in an API Call
CAPEC-9	Buffer Overflow in Local Command-Line Utilities
CAPEC-10	Buffer Overflow via Environment Variables
CAPEC-13	Subverting Environment Variable Values
CAPEC-14	Client-side Injection-induced Buffer Overflow
CAPEC-18	Embedding Scripts in Nonscript Elements
CAPEC-22	Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24	Filter Failure through Buffer Overflow
CAPEC-28	Fuzzing
CAPEC-31	Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32	Embedding Scripts in HTTP Query Strings
CAPEC-42	MIME Conversion
CAPEC-43	Exploiting Multiple Input Interpretation Layers
CAPEC-45	Buffer Overflow via Symbolic Links
CAPEC-46	Overflow Variables and Tags
CAPEC-47	Buffer Overflow via Parameter Expansion
CAPEC-52	Embedding NULL Bytes
CAPEC-53	Postfix, Null Terminate, and Backslash
CAPEC-59	Session Credential Falsification through Prediction
CAPEC-63	Simple Script Injection
CAPEC-64	Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66	SQL Injection
CAPEC-67	String Format Overflow in syslog()
CAPEC-71	Using Unicode Encoding to Bypass Validation Logic
CAPEC-72	URL Encoding
CAPEC-73	User-Controlled Filename
CAPEC-78	Using Escaped Slashes in Alternate Encoding
CAPEC-79	Using Slashes in Alternate Encoding
CAPEC-80	Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81	Web Logs Tampering
CAPEC-83	XPath Injection
CAPEC-85	Client Network Footprinting (using AJAX/XSS)
CAPEC-86	Embedding Script (XSS ) in HTTP Headers
CAPEC-88	OS Command Injection
CAPEC-91	XSS in IMG Tags
CAPEC-99	XML Parser Attack
CAPEC-100	Overflow Buffers
CAPEC-101	Server Side Include (SSI) Injection
CAPEC-104	Cross Zone Scripting
CAPEC-106	Cross Site Scripting through Log Files
CAPEC-108	Command Line Execution through SQL Injection
CAPEC-109	Object Relational Mapping Injection
CAPEC-110	SQL Injection through SOAP Parameter Tampering
CAPEC-112	Brute Force
CAPEC-123	Buffer Attacks
CAPEC-171	Variable Manipulation
CAPEC-281	Analytic Attacks

CWE : Common Weakness Enumeration

%	Id	Name
38 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
15 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
15 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
8 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)
8 %	CWE-331	Insufficient Entropy
8 %	CWE-131	Incorrect Calculation of Buffer Size (CWE/SANS Top 25)
8 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10256

Oval ID:	oval:org.mitre.oval:def:10256
Title:	The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
Description:	The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2051	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-48.ent AND php-pgsql is earlier than 0:4.3.2-48.ent AND php-mysql is earlier than 0:4.3.2-48.ent AND php-ldap is earlier than 0:4.3.2-48.ent AND php-imap is earlier than 0:4.3.2-48.ent AND php-odbc is earlier than 0:4.3.2-48.ent AND php-devel is earlier than 0:4.3.2-48.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.12 AND php-snmp is earlier than 0:4.3.9-3.22.12 AND php-domxml is earlier than 0:4.3.9-3.22.12 AND php-mysql is earlier than 0:4.3.9-3.22.12 AND php-imap is earlier than 0:4.3.9-3.22.12 AND php-gd is earlier than 0:4.3.9-3.22.12 AND php is earlier than 0:4.3.9-3.22.12 AND php-mbstring is earlier than 0:4.3.9-3.22.12 AND php-pgsql is earlier than 0:4.3.9-3.22.12 AND php-pear is earlier than 0:4.3.9-3.22.12 AND php-ldap is earlier than 0:4.3.9-3.22.12 AND php-odbc is earlier than 0:4.3.9-3.22.12 AND php-ncurses is earlier than 0:4.3.9-3.22.12 AND php-devel is earlier than 0:4.3.9-3.22.12 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-20.el5_2.1 AND php-soap is earlier than 0:5.1.6-20.el5_2.1 AND php-common is earlier than 0:5.1.6-20.el5_2.1 AND php-mysql is earlier than 0:5.1.6-20.el5_2.1 AND php-imap is earlier than 0:5.1.6-20.el5_2.1 AND php-gd is earlier than 0:5.1.6-20.el5_2.1 AND php is earlier than 0:5.1.6-20.el5_2.1 AND php-mbstring is earlier than 0:5.1.6-20.el5_2.1 AND php-pgsql is earlier than 0:5.1.6-20.el5_2.1 AND php-xml is earlier than 0:5.1.6-20.el5_2.1 AND php-ldap is earlier than 0:5.1.6-20.el5_2.1 AND php-odbc is earlier than 0:5.1.6-20.el5_2.1 AND php-ncurses is earlier than 0:5.1.6-20.el5_2.1 AND php-devel is earlier than 0:5.1.6-20.el5_2.1 AND php-xmlrpc is earlier than 0:5.1.6-20.el5_2.1 AND php-snmp is earlier than 0:5.1.6-20.el5_2.1 AND php-pdo is earlier than 0:5.1.6-20.el5_2.1 AND php-dba is earlier than 0:5.1.6-20.el5_2.1 AND php-cli is earlier than 0:5.1.6-20.el5_2.1

Definition Id: oval:org.mitre.oval:def:10644

Oval ID:	oval:org.mitre.oval:def:10644
Title:	The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
Description:	The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2107	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-48.ent AND php-pgsql is earlier than 0:4.3.2-48.ent AND php-mysql is earlier than 0:4.3.2-48.ent AND php-ldap is earlier than 0:4.3.2-48.ent AND php-imap is earlier than 0:4.3.2-48.ent AND php-odbc is earlier than 0:4.3.2-48.ent AND php-devel is earlier than 0:4.3.2-48.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.12 AND php-snmp is earlier than 0:4.3.9-3.22.12 AND php-domxml is earlier than 0:4.3.9-3.22.12 AND php-mysql is earlier than 0:4.3.9-3.22.12 AND php-imap is earlier than 0:4.3.9-3.22.12 AND php-gd is earlier than 0:4.3.9-3.22.12 AND php is earlier than 0:4.3.9-3.22.12 AND php-mbstring is earlier than 0:4.3.9-3.22.12 AND php-pgsql is earlier than 0:4.3.9-3.22.12 AND php-pear is earlier than 0:4.3.9-3.22.12 AND php-ldap is earlier than 0:4.3.9-3.22.12 AND php-odbc is earlier than 0:4.3.9-3.22.12 AND php-ncurses is earlier than 0:4.3.9-3.22.12 AND php-devel is earlier than 0:4.3.9-3.22.12 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-20.el5_2.1 AND php-soap is earlier than 0:5.1.6-20.el5_2.1 AND php-common is earlier than 0:5.1.6-20.el5_2.1 AND php-mysql is earlier than 0:5.1.6-20.el5_2.1 AND php-imap is earlier than 0:5.1.6-20.el5_2.1 AND php-gd is earlier than 0:5.1.6-20.el5_2.1 AND php is earlier than 0:5.1.6-20.el5_2.1 AND php-mbstring is earlier than 0:5.1.6-20.el5_2.1 AND php-pgsql is earlier than 0:5.1.6-20.el5_2.1 AND php-xml is earlier than 0:5.1.6-20.el5_2.1 AND php-ldap is earlier than 0:5.1.6-20.el5_2.1 AND php-odbc is earlier than 0:5.1.6-20.el5_2.1 AND php-ncurses is earlier than 0:5.1.6-20.el5_2.1 AND php-devel is earlier than 0:5.1.6-20.el5_2.1 AND php-xmlrpc is earlier than 0:5.1.6-20.el5_2.1 AND php-snmp is earlier than 0:5.1.6-20.el5_2.1 AND php-pdo is earlier than 0:5.1.6-20.el5_2.1 AND php-dba is earlier than 0:5.1.6-20.el5_2.1 AND php-cli is earlier than 0:5.1.6-20.el5_2.1

Definition Id: oval:org.mitre.oval:def:10844

Oval ID:	oval:org.mitre.oval:def:10844
Title:	The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
Description:	The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2108	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-48.ent AND php-pgsql is earlier than 0:4.3.2-48.ent AND php-mysql is earlier than 0:4.3.2-48.ent AND php-ldap is earlier than 0:4.3.2-48.ent AND php-imap is earlier than 0:4.3.2-48.ent AND php-odbc is earlier than 0:4.3.2-48.ent AND php-devel is earlier than 0:4.3.2-48.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.12 AND php-snmp is earlier than 0:4.3.9-3.22.12 AND php-domxml is earlier than 0:4.3.9-3.22.12 AND php-mysql is earlier than 0:4.3.9-3.22.12 AND php-imap is earlier than 0:4.3.9-3.22.12 AND php-gd is earlier than 0:4.3.9-3.22.12 AND php is earlier than 0:4.3.9-3.22.12 AND php-mbstring is earlier than 0:4.3.9-3.22.12 AND php-pgsql is earlier than 0:4.3.9-3.22.12 AND php-pear is earlier than 0:4.3.9-3.22.12 AND php-ldap is earlier than 0:4.3.9-3.22.12 AND php-odbc is earlier than 0:4.3.9-3.22.12 AND php-ncurses is earlier than 0:4.3.9-3.22.12 AND php-devel is earlier than 0:4.3.9-3.22.12 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-20.el5_2.1 AND php-soap is earlier than 0:5.1.6-20.el5_2.1 AND php-common is earlier than 0:5.1.6-20.el5_2.1 AND php-mysql is earlier than 0:5.1.6-20.el5_2.1 AND php-imap is earlier than 0:5.1.6-20.el5_2.1 AND php-gd is earlier than 0:5.1.6-20.el5_2.1 AND php is earlier than 0:5.1.6-20.el5_2.1 AND php-mbstring is earlier than 0:5.1.6-20.el5_2.1 AND php-pgsql is earlier than 0:5.1.6-20.el5_2.1 AND php-xml is earlier than 0:5.1.6-20.el5_2.1 AND php-ldap is earlier than 0:5.1.6-20.el5_2.1 AND php-odbc is earlier than 0:5.1.6-20.el5_2.1 AND php-ncurses is earlier than 0:5.1.6-20.el5_2.1 AND php-devel is earlier than 0:5.1.6-20.el5_2.1 AND php-xmlrpc is earlier than 0:5.1.6-20.el5_2.1 AND php-snmp is earlier than 0:5.1.6-20.el5_2.1 AND php-pdo is earlier than 0:5.1.6-20.el5_2.1 AND php-dba is earlier than 0:5.1.6-20.el5_2.1 AND php-cli is earlier than 0:5.1.6-20.el5_2.1

Definition Id: oval:org.mitre.oval:def:13589

Oval ID:	oval:org.mitre.oval:def:13589
Title:	USN-624-2 -- erlang vulnerability
Description:	USN-624-1 fixed a vulnerability in PCRE. This update provides the corresponding update for Erlang. Original advisory details: Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.
Family:	unix	Class:	patch
Reference(s):	USN-624-2 CVE-2008-2371	Version:	5
Platform(s):	Ubuntu 9.10	Product(s):	erlang
Definition Synopsis:
Ubuntu 9.10 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section erlang-mode DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-examples DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-src DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section erlang-gs DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-x11 DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-asn1 DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-inets DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-snmp DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-docbuilder DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-odbc DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-typer DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-tv DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-observer DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-os-mon DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-syntax-tools DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-toolbar DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-ssl DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-dev DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-ssh DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-megaco DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-appmon DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-ic DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-runtime-tools DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-eunit DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-tools DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-pman DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-percept DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-debugger DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-parsetools DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-public-key DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-inviso DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-common-test DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-corba DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-reltool DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-xmerl DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-nox DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-test-server DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-webtool DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-mnesia DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-edoc DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-crypto DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-base DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-et DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 AND erlang-dialyzer DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1 OR Architecture depended section Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND erlang-base-hipe DPKG is earlier than 13.b.1-dfsg-2ubuntu1.1

Definition Id: oval:org.mitre.oval:def:16801

Oval ID:	oval:org.mitre.oval:def:16801
Title:	USN-581-1 -- pcre3 vulnerability
Description:	It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences.
Family:	unix	Class:	patch
Reference(s):	USN-581-1 CVE-2008-0674	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	pcre3
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libpcre3 DPKG is earlier than 7.4-0ubuntu0.6.06.2 AND Release section Ubuntu 6.10 is installed AND libpcre3 DPKG is earlier than 7.4-0ubuntu0.6.10.2 AND Release section Ubuntu 7.04 is installed AND libpcre3 DPKG is earlier than 7.4-0ubuntu0.7.04.2 AND Release section Ubuntu 7.10 is installed AND libpcre3 DPKG is earlier than 7.4-0ubuntu0.7.10.2

Definition Id: oval:org.mitre.oval:def:17537

Oval ID:	oval:org.mitre.oval:def:17537
Title:	USN-624-1 -- pcre3 vulnerability
Description:	Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options.
Family:	unix	Class:	patch
Reference(s):	USN-624-1 CVE-2008-2371	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	pcre3
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libpcre3 DPKG is earlier than 7.4-0ubuntu0.6.06.3 AND Release section Ubuntu 7.04 is installed AND libpcre3 DPKG is earlier than 7.4-0ubuntu0.7.04.3 AND Release section Ubuntu 7.10 is installed AND libpcre3 DPKG is earlier than 7.4-0ubuntu0.7.10.3 AND Release section Ubuntu 8.04 is installed AND libpcre3 DPKG is earlier than 7.4-1ubuntu2.1

Definition Id: oval:org.mitre.oval:def:17737

Oval ID:	oval:org.mitre.oval:def:17737
Title:	USN-628-1 -- php5 vulnerabilities
Description:	It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function.
Family:	unix	Class:	patch
Reference(s):	USN-628-1 CVE-2007-4782 CVE-2007-4850 CVE-2007-5898 CVE-2007-5899 CVE-2008-0599 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 CVE-2008-2107 CVE-2008-2108 CVE-2008-2371 CVE-2008-2829	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04	Product(s):	php5
Definition Synopsis:
Release section Ubuntu 6.06 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 5.1.2-1ubuntu3.12 AND php5-cgi DPKG is earlier than 5.1.2-1ubuntu3.12 AND php5-cli DPKG is earlier than 5.1.2-1ubuntu3.12 AND php5-curl DPKG is earlier than 5.1.2-1ubuntu3.12 AND Release section Ubuntu 7.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 5.2.1-0ubuntu1.6 AND php5-cgi DPKG is earlier than 5.2.1-0ubuntu1.6 AND php5-cli DPKG is earlier than 5.2.1-0ubuntu1.6 AND php5-curl DPKG is earlier than 5.2.1-0ubuntu1.6 AND Release section Ubuntu 7.10 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 5.2.3-1ubuntu6.4 AND php5-cgi DPKG is earlier than 5.2.3-1ubuntu6.4 AND php5-cli DPKG is earlier than 5.2.3-1ubuntu6.4 AND php5-curl DPKG is earlier than 5.2.3-1ubuntu6.4 AND Release section Ubuntu 8.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 5.2.4-2ubuntu5.3 AND php5-cgi DPKG is earlier than 5.2.4-2ubuntu5.3 AND php5-cli DPKG is earlier than 5.2.4-2ubuntu5.3 AND php5-curl DPKG is earlier than 5.2.4-2ubuntu5.3

Definition Id: oval:org.mitre.oval:def:18224

Oval ID:	oval:org.mitre.oval:def:18224
Title:	DSA-1578-1 php4 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language.
Family:	unix	Class:	patch
Reference(s):	DSA-1578-1 CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	php4
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND php4 DPKG is earlier than 6:4.4.4-8+etch6

Definition Id: oval:org.mitre.oval:def:18599

Oval ID:	oval:org.mitre.oval:def:18599
Title:	DSA-1572-1 php5 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language.
Family:	unix	Class:	patch
Reference(s):	DSA-1572-1 CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	php5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND php5 DPKG is earlier than 5.2.0-8+etch11

Definition Id: oval:org.mitre.oval:def:18659

Oval ID:	oval:org.mitre.oval:def:18659
Title:	DSA-1602-1 pcre3 - arbitrary code execution
Description:	Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution.
Family:	unix	Class:	patch
Reference(s):	DSA-1602-1 CVE-2008-2371	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	pcre3
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND pcre3 DPKG is earlier than 6.7+7.4-4

Definition Id: oval:org.mitre.oval:def:18757

Oval ID:	oval:org.mitre.oval:def:18757
Title:	DSA-1499-1 pcre3 - arbitrary code execution
Description:	It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (<a href="http://security-tracker.debian.org/tracker/CVE-2008-0674">CVE-2008-0674</a>).
Family:	unix	Class:	patch
Reference(s):	DSA-1499-1 CVE-2008-0674	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	pcre3
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND pcre3 DPKG is earlier than 6.7+7.4-3

Definition Id: oval:org.mitre.oval:def:20236

Oval ID:	oval:org.mitre.oval:def:20236
Title:	DSA-1647-1 php5 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language.
Family:	unix	Class:	patch
Reference(s):	DSA-1647-1 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	php5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND php5 DPKG is earlier than 0:5.2.0-8+etch13

Definition Id: oval:org.mitre.oval:def:22394

Oval ID:	oval:org.mitre.oval:def:22394
Title:	ELSA-2008:0544: php security update (Moderate)
Description:	The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0544-01 CVE-2008-2051 CVE-2007-5898 CVE-2007-5899 CVE-2007-4782 CVE-2008-2107 CVE-2008-2108	Version:	29
Platform(s):	Oracle Linux 5	Product(s):	php
Definition Synopsis:
Oracle Linux 5.x rpm test php-gd is earlier than 0:5.1.6-20.el5_2.1 AND php-soap is earlier than 0:5.1.6-20.el5_2.1 AND php-common is earlier than 0:5.1.6-20.el5_2.1 AND php-odbc is earlier than 0:5.1.6-20.el5_2.1 AND php-mysql is earlier than 0:5.1.6-20.el5_2.1 AND php is earlier than 0:5.1.6-20.el5_2.1 AND php-xmlrpc is earlier than 0:5.1.6-20.el5_2.1 AND php-cli is earlier than 0:5.1.6-20.el5_2.1 AND php-mbstring is earlier than 0:5.1.6-20.el5_2.1 AND php-pgsql is earlier than 0:5.1.6-20.el5_2.1 AND php-xml is earlier than 0:5.1.6-20.el5_2.1 AND php-dba is earlier than 0:5.1.6-20.el5_2.1 AND php-devel is earlier than 0:5.1.6-20.el5_2.1 AND php-ncurses is earlier than 0:5.1.6-20.el5_2.1 AND php-snmp is earlier than 0:5.1.6-20.el5_2.1 AND php-imap is earlier than 0:5.1.6-20.el5_2.1 AND php-bcmath is earlier than 0:5.1.6-20.el5_2.1 AND php-pdo is earlier than 0:5.1.6-20.el5_2.1 AND php-ldap is earlier than 0:5.1.6-20.el5_2.1

Definition Id: oval:org.mitre.oval:def:29150

Oval ID:	oval:org.mitre.oval:def:29150
Title:	RHSA-2008:0544 -- php security update (Moderate)
Description:	Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmdfunction did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmdand execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051)
Family:	unix	Class:	patch
Reference(s):	RHSA-2008:0544 CESA-2008:0544-CentOS 3 CESA-2008:0544-CentOS 5 CVE-2007-4782 CVE-2007-5898 CVE-2007-5899 CVE-2008-2051 CVE-2008-2107 CVE-2008-2108	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 CentOS Linux 3 CentOS Linux 5	Product(s):	php
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section php is earlier than 0:5.1.6-20.el5_2.1 AND php-bcmath is earlier than 0:5.1.6-20.el5_2.1 AND php-cli is earlier than 0:5.1.6-20.el5_2.1 AND php-common is earlier than 0:5.1.6-20.el5_2.1 AND php-dba is earlier than 0:5.1.6-20.el5_2.1 AND php-devel is earlier than 0:5.1.6-20.el5_2.1 AND php-gd is earlier than 0:5.1.6-20.el5_2.1 AND php-imap is earlier than 0:5.1.6-20.el5_2.1 AND php-ldap is earlier than 0:5.1.6-20.el5_2.1 AND php-mbstring is earlier than 0:5.1.6-20.el5_2.1 AND php-mysql is earlier than 0:5.1.6-20.el5_2.1 AND php-ncurses is earlier than 0:5.1.6-20.el5_2.1 AND php-odbc is earlier than 0:5.1.6-20.el5_2.1 AND php-pdo is earlier than 0:5.1.6-20.el5_2.1 AND php-pgsql is earlier than 0:5.1.6-20.el5_2.1 AND php-snmp is earlier than 0:5.1.6-20.el5_2.1 AND php-soap is earlier than 0:5.1.6-20.el5_2.1 AND php-xml is earlier than 0:5.1.6-20.el5_2.1 AND php-xmlrpc is earlier than 0:5.1.6-20.el5_2.1 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section php is earlier than 0:4.3.2-48.ent AND php-devel is earlier than 0:4.3.2-48.ent AND php-imap is earlier than 0:4.3.2-48.ent AND php-ldap is earlier than 0:4.3.2-48.ent AND php-mysql is earlier than 0:4.3.2-48.ent AND php-odbc is earlier than 0:4.3.2-48.ent AND php-pgsql is earlier than 0:4.3.2-48.ent

Definition Id: oval:org.mitre.oval:def:5510

Oval ID:	oval:org.mitre.oval:def:5510
Title:	HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code
Description:	The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0599	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02342 HP Release B.11.11 AND filesets tests hpuxwsAPACHE.PHP version is less than B.2.0.59.04.2 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.04.2 OR Criteria meets HP Security Bulletin HPSBUX02342 platforms HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests hpuxwsAPCH32.PHP version is less than B.2.0.59.04.2 AND hpuxwsAPCH32.PHP2 version is less than B.2.0.59.04.2 AND hpuxwsAPACHE.PHP version is less than B.2.0.59.04.2 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.04.2

Definition Id: oval:org.mitre.oval:def:7744

Oval ID:	oval:org.mitre.oval:def:7744
Title:	DSA-1602 pcre3 -- buffer overflow
Description:	Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution.
Family:	unix	Class:	patch
Reference(s):	DSA-1602 CVE-2008-2371	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	pcre3
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages section pcregrep is earlier than 6.7+7.4-4 AND libpcre3-dev is earlier than 6.7+7.4-4 AND libpcre3 is earlier than 6.7+7.4-4 AND libpcrecpp0 is earlier than 6.7+7.4-4

Definition Id: oval:org.mitre.oval:def:7886

Oval ID:	oval:org.mitre.oval:def:7886
Title:	DSA-1499 pcre3 -- buffer overflow
Description:	It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674).
Family:	unix	Class:	patch
Reference(s):	DSA-1499 CVE-2008-0674	Version:	3
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 3.1	Product(s):	pcre3
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND Packages section libpcre3 is earlier than 6.7+7.4-3 AND libpcre3-dev is earlier than 6.7+7.4-3 AND pcregrep is earlier than 6.7+7.4-3 AND libpcrecpp0 is earlier than 6.7+7.4-3 OR Release section Debian GNU/Linux 3.1 is installed AND Architecture section Architecture independent section Installed architecture is all AND pgrep is earlier than 4.5+7.4-2 AND libpcre3 is earlier than 4.5+7.4-2 AND libpcre3-dev is earlier than 4.5+7.4-2 AND pcregrep is earlier than 4.5+7.4-2

Definition Id: oval:org.mitre.oval:def:7889

Oval ID:	oval:org.mitre.oval:def:7889
Title:	DSA-1572 php5 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. Stack-based buffer overflow in the FastCGI SAPI. The escapeshellcmd API function could be attacked via incomplete multibyte chars.
Family:	unix	Class:	patch
Reference(s):	DSA-1572 CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	php5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section php-pear is earlier than 5.2.0-8+etch11 AND php5 is earlier than 5.2.0-8+etch11 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libapache-mod-php5 is earlier than 5.2.0-8+etch11 AND php5-recode is earlier than 5.2.0-8+etch11 AND php5-cgi is earlier than 5.2.0-8+etch11 AND php5-curl is earlier than 5.2.0-8+etch11 AND php5-snmp is earlier than 5.2.0-8+etch11 AND php5-mysql is earlier than 5.2.0-8+etch11 AND php5-odbc is earlier than 5.2.0-8+etch11 AND php5-xsl is earlier than 5.2.0-8+etch11 AND php5-gd is earlier than 5.2.0-8+etch11 AND libapache2-mod-php5 is earlier than 5.2.0-8+etch11 AND php5-mhash is earlier than 5.2.0-8+etch11 AND php5-tidy is earlier than 5.2.0-8+etch11 AND php5-mcrypt is earlier than 5.2.0-8+etch11 AND php5-dev is earlier than 5.2.0-8+etch11 AND php5-pgsql is earlier than 5.2.0-8+etch11 AND php5-xmlrpc is earlier than 5.2.0-8+etch11 AND php5-imap is earlier than 5.2.0-8+etch11 AND php5-sqlite is earlier than 5.2.0-8+etch11 AND php5-ldap is earlier than 5.2.0-8+etch11 AND php5-cli is earlier than 5.2.0-8+etch11 AND php5-sybase is earlier than 5.2.0-8+etch11 AND php5-pspell is earlier than 5.2.0-8+etch11 AND php5-common is earlier than 5.2.0-8+etch11 OR Architecture dependent section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND php5-interbase is earlier than 5.2.0-8+etch11

Definition Id: oval:org.mitre.oval:def:8065

Oval ID:	oval:org.mitre.oval:def:8065
Title:	DSA-1578 php4 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. A denial of service was possible through a malicious script abusing the glob() function. Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. The escapeshellcmd API function could be attacked via incomplete multibyte chars.
Family:	unix	Class:	patch
Reference(s):	DSA-1578 CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	php4
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section php4 is earlier than 6:4.4.4-8+etch6 AND php4-pear is earlier than 6:4.4.4-8+etch6 AND libapache-mod-php4 is earlier than 6:4.4.4-8+etch6 AND php4-recode is earlier than 6:4.4.4-8+etch6 AND php4-xslt is earlier than 6:4.4.4-8+etch6 AND php4-mcal is earlier than 6:4.4.4-8+etch6 AND php4-domxml is earlier than 6:4.4.4-8+etch6 AND php4-mhash is earlier than 6:4.4.4-8+etch6 AND php4-snmp is earlier than 6:4.4.4-8+etch6 AND libapache2-mod-php4 is earlier than 6:4.4.4-8+etch6 AND php4-cli is earlier than 6:4.4.4-8+etch6 AND php4-mcrypt is earlier than 6:4.4.4-8+etch6 AND php4-gd is earlier than 6:4.4.4-8+etch6 AND php4-mysql is earlier than 6:4.4.4-8+etch6 AND php4-imap is earlier than 6:4.4.4-8+etch6 AND php4-cgi is earlier than 6:4.4.4-8+etch6 AND php4-pgsql is earlier than 6:4.4.4-8+etch6 AND php4-odbc is earlier than 6:4.4.4-8+etch6 AND php4-dev is earlier than 6:4.4.4-8+etch6 AND php4-pspell is earlier than 6:4.4.4-8+etch6 AND php4-ldap is earlier than 6:4.4.4-8+etch6 AND php4-common is earlier than 6:4.4.4-8+etch6 AND php4-curl is earlier than 6:4.4.4-8+etch6 AND php4-sybase is earlier than 6:4.4.4-8+etch6 OR Architecture dependent section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND php4-interbase is earlier than 6:4.4.4-8+etch6

Definition Id: oval:org.mitre.oval:def:8084

Oval ID:	oval:org.mitre.oval:def:8084
Title:	DSA-1647 php5 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: Buffer overflow in the imageloadfont function allows a denial of service or code execution through a crafted font file. Buffer overflow in the memnstr function allows a denial of service or code execution via a crafted delimiter parameter to the explode function. Denial of service is possible in the FastCGI module by a remote attacker by making a request with multiple dots before the extension.
Family:	unix	Class:	patch
Reference(s):	DSA-1647 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	php5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section php-pear is earlier than 5.2.0-8+etch13 AND php5 is earlier than 5.2.0-8+etch13 AND libapache-mod-php5 is earlier than 5.2.0-8+etch13 AND php5-recode is earlier than 5.2.0-8+etch13 AND php5-xmlrpc is earlier than 5.2.0-8+etch13 AND php5-curl is earlier than 5.2.0-8+etch13 AND php5-snmp is earlier than 5.2.0-8+etch13 AND php5-mysql is earlier than 5.2.0-8+etch13 AND php5-odbc is earlier than 5.2.0-8+etch13 AND php5-xsl is earlier than 5.2.0-8+etch13 AND php5-gd is earlier than 5.2.0-8+etch13 AND libapache2-mod-php5 is earlier than 5.2.0-8+etch13 AND php5-mhash is earlier than 5.2.0-8+etch13 AND php5-tidy is earlier than 5.2.0-8+etch13 AND php5-mcrypt is earlier than 5.2.0-8+etch13 AND php5-dev is earlier than 5.2.0-8+etch13 AND php5-pgsql is earlier than 5.2.0-8+etch13 AND php5-cgi is earlier than 5.2.0-8+etch13 AND php5-imap is earlier than 5.2.0-8+etch13 AND php5-sqlite is earlier than 5.2.0-8+etch13 AND php5-ldap is earlier than 5.2.0-8+etch13 AND php5-cli is earlier than 5.2.0-8+etch13 AND php5-sybase is earlier than 5.2.0-8+etch13 AND php5-pspell is earlier than 5.2.0-8+etch13 AND php5-common is earlier than 5.2.0-8+etch13 OR Architecture dependent section Supported architectures section Installed architecture is i386 AND Installed architecture is amd64 AND php5-interbase is earlier than 5.2.0-8+etch13

Definition Id: oval:org.mitre.oval:def:9597

Oval ID:	oval:org.mitre.oval:def:9597
Title:	PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
Description:	PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-3660	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-51.ent AND php-pgsql is earlier than 0:4.3.2-51.ent AND php-mysql is earlier than 0:4.3.2-51.ent AND php-ldap is earlier than 0:4.3.2-51.ent AND php-imap is earlier than 0:4.3.2-51.ent AND php-odbc is earlier than 0:4.3.2-51.ent AND php-devel is earlier than 0:4.3.2-51.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.15 AND php-snmp is earlier than 0:4.3.9-3.22.15 AND php-domxml is earlier than 0:4.3.9-3.22.15 AND php-mysql is earlier than 0:4.3.9-3.22.15 AND php-imap is earlier than 0:4.3.9-3.22.15 AND php-gd is earlier than 0:4.3.9-3.22.15 AND php is earlier than 0:4.3.9-3.22.15 AND php-mbstring is earlier than 0:4.3.9-3.22.15 AND php-pgsql is earlier than 0:4.3.9-3.22.15 AND php-pear is earlier than 0:4.3.9-3.22.15 AND php-ldap is earlier than 0:4.3.9-3.22.15 AND php-odbc is earlier than 0:4.3.9-3.22.15 AND php-ncurses is earlier than 0:4.3.9-3.22.15 AND php-devel is earlier than 0:4.3.9-3.22.15 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-23.2.el5_3 AND php-soap is earlier than 0:5.1.6-23.2.el5_3 AND php-common is earlier than 0:5.1.6-23.2.el5_3 AND php-mysql is earlier than 0:5.1.6-23.2.el5_3 AND php-imap is earlier than 0:5.1.6-23.2.el5_3 AND php-gd is earlier than 0:5.1.6-23.2.el5_3 AND php is earlier than 0:5.1.6-23.2.el5_3 AND php-mbstring is earlier than 0:5.1.6-23.2.el5_3 AND php-pgsql is earlier than 0:5.1.6-23.2.el5_3 AND php-xml is earlier than 0:5.1.6-23.2.el5_3 AND php-ldap is earlier than 0:5.1.6-23.2.el5_3 AND php-odbc is earlier than 0:5.1.6-23.2.el5_3 AND php-ncurses is earlier than 0:5.1.6-23.2.el5_3 AND php-devel is earlier than 0:5.1.6-23.2.el5_3 AND php-xmlrpc is earlier than 0:5.1.6-23.2.el5_3 AND php-snmp is earlier than 0:5.1.6-23.2.el5_3 AND php-pdo is earlier than 0:5.1.6-23.2.el5_3 AND php-dba is earlier than 0:5.1.6-23.2.el5_3 AND php-cli is earlier than 0:5.1.6-23.2.el5_3

Definition Id: oval:org.mitre.oval:def:9724

Oval ID:	oval:org.mitre.oval:def:9724
Title:	Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Description:	Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-3658	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-51.ent AND php-pgsql is earlier than 0:4.3.2-51.ent AND php-mysql is earlier than 0:4.3.2-51.ent AND php-ldap is earlier than 0:4.3.2-51.ent AND php-imap is earlier than 0:4.3.2-51.ent AND php-odbc is earlier than 0:4.3.2-51.ent AND php-devel is earlier than 0:4.3.2-51.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.15 AND php-snmp is earlier than 0:4.3.9-3.22.15 AND php-domxml is earlier than 0:4.3.9-3.22.15 AND php-mysql is earlier than 0:4.3.9-3.22.15 AND php-imap is earlier than 0:4.3.9-3.22.15 AND php-gd is earlier than 0:4.3.9-3.22.15 AND php is earlier than 0:4.3.9-3.22.15 AND php-mbstring is earlier than 0:4.3.9-3.22.15 AND php-pgsql is earlier than 0:4.3.9-3.22.15 AND php-pear is earlier than 0:4.3.9-3.22.15 AND php-ldap is earlier than 0:4.3.9-3.22.15 AND php-odbc is earlier than 0:4.3.9-3.22.15 AND php-ncurses is earlier than 0:4.3.9-3.22.15 AND php-devel is earlier than 0:4.3.9-3.22.15 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-23.2.el5_3 AND php-soap is earlier than 0:5.1.6-23.2.el5_3 AND php-common is earlier than 0:5.1.6-23.2.el5_3 AND php-mysql is earlier than 0:5.1.6-23.2.el5_3 AND php-imap is earlier than 0:5.1.6-23.2.el5_3 AND php-gd is earlier than 0:5.1.6-23.2.el5_3 AND php is earlier than 0:5.1.6-23.2.el5_3 AND php-mbstring is earlier than 0:5.1.6-23.2.el5_3 AND php-pgsql is earlier than 0:5.1.6-23.2.el5_3 AND php-xml is earlier than 0:5.1.6-23.2.el5_3 AND php-ldap is earlier than 0:5.1.6-23.2.el5_3 AND php-odbc is earlier than 0:5.1.6-23.2.el5_3 AND php-ncurses is earlier than 0:5.1.6-23.2.el5_3 AND php-devel is earlier than 0:5.1.6-23.2.el5_3 AND php-xmlrpc is earlier than 0:5.1.6-23.2.el5_3 AND php-snmp is earlier than 0:5.1.6-23.2.el5_3 AND php-pdo is earlier than 0:5.1.6-23.2.el5_3 AND php-dba is earlier than 0:5.1.6-23.2.el5_3 AND php-cli is earlier than 0:5.1.6-23.2.el5_3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Mac Os X cpe:2.3:a:apple:mac_os_x::::::::	1
Application	Pcre cpe:2.3:a:pcre:pcre:7.7:::::::* cpe:2.3:a:pcre:pcre:6.1:::::::* cpe:2.3:a:pcre:pcre:6.0:::::::* cpe:2.3:a:pcre:pcre:5.0:::::::* cpe:2.3:a:pcre:pcre::::::::	5
Application	Php cpe:2.3:a:php:php:5.2.7:-:::::: cpe:2.3:a:php:php:5.2.7:rc1:::::: cpe:2.3:a:php:php:5.2.7:rc2:::::: cpe:2.3:a:php:php:5.2.7:rc3:::::: cpe:2.3:a:php:php:5.2.7:rc4:::::: cpe:2.3:a:php:php:5.2.7:rc5:::::: cpe:2.3:a:php:php:5.2.6:-:::::: cpe:2.3:a:php:php:5.2.6:rc1:::::: cpe:2.3:a:php:php:5.2.6:rc2:::::: cpe:2.3:a:php:php:5.2.6:rc3:::::: cpe:2.3:a:php:php:5.2.6:rc4:::::: cpe:2.3:a:php:php:5.2.6:rc5:::::: cpe:2.3:a:php:php:5.2.5:-:::::: cpe:2.3:a:php:php:5.2.5:rc1:::::: cpe:2.3:a:php:php:5.2.5:rc2:::::: cpe:2.3:a:php:php:5.2.4:-:::::: cpe:2.3:a:php:php:5.2.4::windows::::: cpe:2.3:a:php:php:5.2.4:rc1:::::: cpe:2.3:a:php:php:5.2.4:rc2:::::: cpe:2.3:a:php:php:5.2.4:rc3:::::: cpe:2.3:a:php:php:5.2.3:-:::::: cpe:2.3:a:php:php:5.2.3:rc1:::::: cpe:2.3:a:php:php:5.2.2:-:::::: cpe:2.3:a:php:php:5.2.2:rc1:::::: cpe:2.3:a:php:php:5.2.2:rc2:::::: cpe:2.3:a:php:php:5.2.1:-:::::: cpe:2.3:a:php:php:5.2.1:rc1:::::: cpe:2.3:a:php:php:5.2.1:rc2:::::: cpe:2.3:a:php:php:5.2.1:rc3:::::: cpe:2.3:a:php:php:5.2.1:rc4:::::: cpe:2.3:a:php:php:5.2.0:::::::* cpe:2.3:a:php:php:5.2.0:rc1:::::: cpe:2.3:a:php:php:5.2.0:rc2:::::: cpe:2.3:a:php:php:5.2.0:rc3:::::: cpe:2.3:a:php:php:5.2.0:rc4:::::: cpe:2.3:a:php:php:5.2.0:rc5:::::: cpe:2.3:a:php:php:5.2.0:rc6:::::: cpe:2.3:a:php:php:5.1.6:::::::* cpe:2.3:a:php:php:5.1.5:-:::::: cpe:2.3:a:php:php:5.1.5:rc1:::::: cpe:2.3:a:php:php:5.1.4:::::::* cpe:2.3:a:php:php:5.1.3:::::::* cpe:2.3:a:php:php:5.1.3:rc1:::::: cpe:2.3:a:php:php:5.1.3:rc2:::::: cpe:2.3:a:php:php:5.1.3:rc3:::::: cpe:2.3:a:php:php:5.1.2:-:::::: cpe:2.3:a:php:php:5.1.2:rc1:::::: cpe:2.3:a:php:php:5.1.2:rc2:::::: cpe:2.3:a:php:php:5.1.1:::::::* cpe:2.3:a:php:php:5.1.0:-:::::: cpe:2.3:a:php:php:5.1.0:beta1:::::: cpe:2.3:a:php:php:5.1.0:beta2:::::: cpe:2.3:a:php:php:5.1.0:beta3:::::: cpe:2.3:a:php:php:5.1.0:rc1:::::: cpe:2.3:a:php:php:5.1.0:rc2:::::: cpe:2.3:a:php:php:5.1.0:rc2-pre:::::: cpe:2.3:a:php:php:5.1.0:rc3:::::: cpe:2.3:a:php:php:5.1.0:rc4:::::: cpe:2.3:a:php:php:5.1.0:rc5:::::: cpe:2.3:a:php:php:5.1.0:rc6:::::: cpe:2.3:a:php:php:5.0.5:-:::::: cpe:2.3:a:php:php:5.0.5:rc1:::::: cpe:2.3:a:php:php:5.0.5:rc2:::::: cpe:2.3:a:php:php:5.0.4:-:::::: cpe:2.3:a:php:php:5.0.4:rc1:::::: cpe:2.3:a:php:php:5.0.4:rc2:::::: cpe:2.3:a:php:php:5.0.3:-:::::: cpe:2.3:a:php:php:5.0.3:rc1:::::: cpe:2.3:a:php:php:5.0.3:rc2:::::: cpe:2.3:a:php:php:5.0.2:-:::::: cpe:2.3:a:php:php:5.0.2:rc1:::::: cpe:2.3:a:php:php:5.0.1:-:::::: cpe:2.3:a:php:php:5.0.1:beta1:::::: cpe:2.3:a:php:php:5.0.1:rc1:::::: cpe:2.3:a:php:php:5.0.1:rc2:::::: cpe:2.3:a:php:php:5.0.0:beta3:::::: cpe:2.3:a:php:php:5.0.0:rc3:::::: cpe:2.3:a:php:php:5.0.0:beta1:::::: cpe:2.3:a:php:php:5.0.0:beta4:::::: cpe:2.3:a:php:php:5.0.0:rc1:::::: cpe:2.3:a:php:php:5.0.0:beta2:::::: cpe:2.3:a:php:php:5.0.0:rc2:::::: cpe:2.3:a:php:php:5.0.0:-:::::: cpe:2.3:a:php:php:5.0:rc1:::::: cpe:2.3:a:php:php:5.0:rc3:::::: cpe:2.3:a:php:php:5.0:rc2:::::: cpe:2.3:a:php:php:5:::::::* cpe:2.3:a:php:php:4.4.9:-:::::: cpe:2.3:a:php:php:4.4.9:rc1:::::: cpe:2.3:a:php:php:4.4.8:-:::::: cpe:2.3:a:php:php:4.4.8:rc1:::::: cpe:2.3:a:php:php:4.4.7:-:::::: cpe:2.3:a:php:php:4.4.7:rc1:::::: cpe:2.3:a:php:php:4.4.6:-:::::: cpe:2.3:a:php:php:4.4.6:rc1:::::: cpe:2.3:a:php:php:4.4.5:-:::::: cpe:2.3:a:php:php:4.4.5:rc1:::::: cpe:2.3:a:php:php:4.4.5:rc2:::::: cpe:2.3:a:php:php:4.4.4:-:::::: cpe:2.3:a:php:php:4.4.4:rc1:::::: cpe:2.3:a:php:php:4.4.3:-:::::: cpe:2.3:a:php:php:4.4.3:rc1:::::: cpe:2.3:a:php:php:4.4.3:rc2:::::: cpe:2.3:a:php:php:4.4.2:-:::::: cpe:2.3:a:php:php:4.4.2:rc1:::::: cpe:2.3:a:php:php:4.4.2:rc2:::::: cpe:2.3:a:php:php:4.4.1:-:::::: cpe:2.3:a:php:php:4.4.1:rc1:::::: cpe:2.3:a:php:php:4.4.0:-:::::: cpe:2.3:a:php:php:4.4.0:rc1:::::: cpe:2.3:a:php:php:4.4.0:rc2:::::: cpe:2.3:a:php:php:4.3.9:::::::* cpe:2.3:a:php:php:4.3.9:rc1:::::: cpe:2.3:a:php:php:4.3.9:rc2:::::: cpe:2.3:a:php:php:4.3.9:rc3:::::: cpe:2.3:a:php:php:4.3.8:::::::* cpe:2.3:a:php:php:4.3.7:-:::::: cpe:2.3:a:php:php:4.3.7:rc1:::::: cpe:2.3:a:php:php:4.3.6:-:::::: cpe:2.3:a:php:php:4.3.6:rc1:::::: cpe:2.3:a:php:php:4.3.6:rc2:::::: cpe:2.3:a:php:php:4.3.6:rc3:::::: cpe:2.3:a:php:php:4.3.5:-:::::: cpe:2.3:a:php:php:4.3.5:rc1:::::: cpe:2.3:a:php:php:4.3.5:rc2:::::: cpe:2.3:a:php:php:4.3.5:rc3:::::: cpe:2.3:a:php:php:4.3.5:rc4:::::: cpe:2.3:a:php:php:4.3.4:-:::::: cpe:2.3:a:php:php:4.3.4:rc1:::::: cpe:2.3:a:php:php:4.3.4:rc2:::::: cpe:2.3:a:php:php:4.3.4:rc3:::::: cpe:2.3:a:php:php:4.3.3:-:::::: cpe:2.3:a:php:php:4.3.3:rc1:::::: cpe:2.3:a:php:php:4.3.3:rc2:::::: cpe:2.3:a:php:php:4.3.3:rc3:::::: cpe:2.3:a:php:php:4.3.3:rc4:::::: cpe:2.3:a:php:php:4.3.2:-:::::: cpe:2.3:a:php:php:4.3.2:rc1:::::: cpe:2.3:a:php:php:4.3.2:rc2:::::: cpe:2.3:a:php:php:4.3.2:rc3:::::: cpe:2.3:a:php:php:4.3.2:rc4:::::: cpe:2.3:a:php:php:4.3.11:-:::::: cpe:2.3:a:php:php:4.3.11:rc1:::::: cpe:2.3:a:php:php:4.3.11:rc2:::::: cpe:2.3:a:php:php:4.3.10:-:::::: cpe:2.3:a:php:php:4.3.10:rc1:::::: cpe:2.3:a:php:php:4.3.10:rc2:::::: cpe:2.3:a:php:php:4.3.1:::::::* cpe:2.3:a:php:php:4.3.0:-:::::: cpe:2.3:a:php:php:4.3.0:alpha1:::::: cpe:2.3:a:php:php:4.3.0:alpha2:::::: cpe:2.3:a:php:php:4.3.0:alpha3:::::: cpe:2.3:a:php:php:4.3.0:dev:::::: cpe:2.3:a:php:php:4.3.0:pre1:::::: cpe:2.3:a:php:php:4.3.0:pre2:::::: cpe:2.3:a:php:php:4.3.0:rc1:::::: cpe:2.3:a:php:php:4.3.0:rc2:::::: cpe:2.3:a:php:php:4.3.0:rc3:::::: cpe:2.3:a:php:php:4.3.0:rc4:::::: cpe:2.3:a:php:php:4.2.3:-:::::: cpe:2.3:a:php:php:4.2.3:rc1:::::: cpe:2.3:a:php:php:4.2.3:rc2:::::: cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.2.1:-:::::: cpe:2.3:a:php:php:4.2.1:rc1:::::: cpe:2.3:a:php:php:4.2.1:rc2:::::: cpe:2.3:a:php:php:4.2.0:-:::::: cpe:2.3:a:php:php:4.2.0:rc1:::::: cpe:2.3:a:php:php:4.2.0:rc2:::::: cpe:2.3:a:php:php:4.2.0:rc3:::::: cpe:2.3:a:php:php:4.2.0:rc4:::::: cpe:2.3:a:php:php:4.2::dev::::: cpe:2.3:a:php:php:4.1.2:::::::* cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.1.0:-:::::: cpe:2.3:a:php:php:4.1.0:rc1:::::: cpe:2.3:a:php:php:4.1.0:rc2:::::: cpe:2.3:a:php:php:4.1.0:rc3:::::: cpe:2.3:a:php:php:4.1.0:rc4:::::: cpe:2.3:a:php:php:4.1.0:rc5:::::: cpe:2.3:a:php:php:4.0.7:rc3:::::: cpe:2.3:a:php:php:4.0.7:rc2:::::: cpe:2.3:a:php:php:4.0.7:rc4:::::: cpe:2.3:a:php:php:4.0.7:rc1:::::: cpe:2.3:a:php:php:4.0.7:-:::::: cpe:2.3:a:php:php:4.0.6:-:::::: cpe:2.3:a:php:php:4.0.6:rc1:::::: cpe:2.3:a:php:php:4.0.6:rc2:::::: cpe:2.3:a:php:php:4.0.6:rc3:::::: cpe:2.3:a:php:php:4.0.6:rc4:::::: cpe:2.3:a:php:php:4.0.5:-:::::: cpe:2.3:a:php:php:4.0.5:rc1:::::: cpe:2.3:a:php:php:4.0.5:rc2:::::: cpe:2.3:a:php:php:4.0.5:rc3:::::: cpe:2.3:a:php:php:4.0.5:rc4:::::: cpe:2.3:a:php:php:4.0.5:rc5:::::: cpe:2.3:a:php:php:4.0.5:rc6:::::: cpe:2.3:a:php:php:4.0.5:rc7:::::: cpe:2.3:a:php:php:4.0.5:rc8:::::: cpe:2.3:a:php:php:4.0.4pl1:::::::* cpe:2.3:a:php:php:4.0.4:patch1:::::: cpe:2.3:a:php:php:4.0.4:-:::::: cpe:2.3:a:php:php:4.0.4:rc1:::::: cpe:2.3:a:php:php:4.0.4:rc2:::::: cpe:2.3:a:php:php:4.0.4:rc3:::::: cpe:2.3:a:php:php:4.0.4:rc4:::::: cpe:2.3:a:php:php:4.0.4:rc5:::::: cpe:2.3:a:php:php:4.0.4:rc6:::::: cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.0.3:patch1:::::: cpe:2.3:a:php:php:4.0.3:rc1:::::: cpe:2.3:a:php:php:4.0.3:rc2:::::: cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.0.2:rc1:::::: cpe:2.3:a:php:php:4.0.1:patch2:::::: cpe:2.3:a:php:php:4.0.1:patch1:::::: cpe:2.3:a:php:php:4.0.1:-:::::: cpe:2.3:a:php:php:4.0.1:rc:::::: cpe:2.3:a:php:php:4.0.1:rc2:::::: cpe:2.3:a:php:php:4.0.0:::::::* cpe:2.3:a:php:php:4.0:beta1:::::: cpe:2.3:a:php:php:4.0:beta2:::::: cpe:2.3:a:php:php:4.0:beta3:::::: cpe:2.3:a:php:php:4.0:beta4:::::: cpe:2.3:a:php:php:4.0:beta_4_patch1:::::: cpe:2.3:a:php:php:4.0:rc1:::::: cpe:2.3:a:php:php:4.0:rc2:::::: cpe:2.3:a:php:php:4.0:-:::::: cpe:2.3:a:php:php:4:::::::* cpe:2.3:a:php:php:3.0.9:::::::* cpe:2.3:a:php:php:3.0.8:::::::* cpe:2.3:a:php:php:3.0.7:::::::* cpe:2.3:a:php:php:3.0.6:::::::* cpe:2.3:a:php:php:3.0.5:::::::* cpe:2.3:a:php:php:3.0.4:::::::* cpe:2.3:a:php:php:3.0.3:::::::* cpe:2.3:a:php:php:3.0.2:::::::* cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:3.0.17:::::::* cpe:2.3:a:php:php:3.0.16:::::::* cpe:2.3:a:php:php:3.0.15:::::::* cpe:2.3:a:php:php:3.0.14:::::::* cpe:2.3:a:php:php:3.0.13:::::::* cpe:2.3:a:php:php:3.0.12:::::::* cpe:2.3:a:php:php:3.0.11:::::::* cpe:2.3:a:php:php:3.0.10:::::::* cpe:2.3:a:php:php:3.0.1:::::::* cpe:2.3:a:php:php:3.0:::::::* cpe:2.3:a:php:php:2.0b10:::::::* cpe:2.3:a:php:php:2.0.2:::::::* cpe:2.3:a:php:php:2.0.1:::::::* cpe:2.3:a:php:php:2.0.0:-:::::: cpe:2.3:a:php:php:2.0.0:alpha1:::::: cpe:2.3:a:php:php:2.0.0:alpha2:::::: cpe:2.3:a:php:php:2.0.0:beta1:::::: cpe:2.3:a:php:php:2.0.0:rc1:::::: cpe:2.3:a:php:php:2.0:::::::* cpe:2.3:a:php:php:1.5:::::::* cpe:2.3:a:php:php:1.4:::::::* cpe:2.3:a:php:php:1.3.5:::::::* cpe:2.3:a:php:php:1.3.1:::::::* cpe:2.3:a:php:php:1.3:-:::::: cpe:2.3:a:php:php:1.3:beta2:::::: cpe:2.3:a:php:php:1.3:beta3:::::: cpe:2.3:a:php:php:1.3:beta6:::::: cpe:2.3:a:php:php:1.2.5:::::::* cpe:2.3:a:php:php:1.2.4:::::::* cpe:2.3:a:php:php:1.2.3:::::::* cpe:2.3:a:php:php:1.2.2:::::::* cpe:2.3:a:php:php:1.2.1:::::::* cpe:2.3:a:php:php:1.2.0:::::::* cpe:2.3:a:php:php:1.2:::::::* cpe:2.3:a:php:php:1.1.1:::::::* cpe:2.3:a:php:php:1.1.0:::::::* cpe:2.3:a:php:php:1.1:::::::* cpe:2.3:a:php:php:1.0.4:::::::* cpe:2.3:a:php:php:1.0.3:::::::* cpe:2.3:a:php:php:1.0.2:::::::* cpe:2.3:a:php:php:1.0.1:::::::* cpe:2.3:a:php:php:1.0.0:-:::::: cpe:2.3:a:php:php:1.0.0:rc1:::::: cpe:2.3:a:php:php:1.0:beta1:::::: cpe:2.3:a:php:php:1.0:beta2:::::: cpe:2.3:a:php:php:1.0:beta3:::::: cpe:2.3:a:php:php:1.0:rc1:::::: cpe:2.3:a:php:php:1.0:rc2:::::: cpe:2.3:a:php:php:0.91:::::::* cpe:2.3:a:php:php:0.90:::::::* cpe:2.3:a:php:php:0.9.4:::::::* cpe:2.3:a:php:php:0.9.3:::::::* cpe:2.3:a:php:php:0.9.2:::::::* cpe:2.3:a:php:php:0.9.1:::::::* cpe:2.3:a:php:php:0.9.0:::::::* cpe:2.3:a:php:php:0.9:::::::* cpe:2.3:a:php:php:0.7:::::::* cpe:2.3:a:php:php:0.6:::::::* cpe:2.3:a:php:php:0.5.3:::::::* cpe:2.3:a:php:php:0.5.2:::::::* cpe:2.3:a:php:php:0.5:::::::* cpe:2.3:a:php:php:0.4:::::::* cpe:2.3:a:php:php:0.3:::::::* cpe:2.3:a:php:php:0.2.4:::::::* cpe:2.3:a:php:php:0.2.3:::::::* cpe:2.3:a:php:php:0.2.2:::::::* cpe:2.3:a:php:php:0.2.1:::::::* cpe:2.3:a:php:php:0.2.0:::::::* cpe:2.3:a:php:php:0.2:::::::* cpe:2.3:a:php:php:0.11:::::::* cpe:2.3:a:php:php:0.10:::::::* cpe:2.3:a:php:php:0.1.1:::::::* cpe:2.3:a:php:php:0.1:::::::* cpe:2.3:a:php:php:::::::: cpe:2.3:a:php:php:-:::::::*	313
Os	Apple Mac Os X cpe:2.3:o:apple:mac_os_x:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:::::: cpe:2.3:o:apple:mac_os_x:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x:10.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x:10.4.8::macbook::::: cpe:2.3:o:apple:mac_os_x:10.4.8::mac_mini::::: cpe:2.3:o:apple:mac_os_x:10.4.8::macbook_pro::::: cpe:2.3:o:apple:mac_os_x:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x:10.4.:::::::* cpe:2.3:o:apple:mac_os_x:10.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x:10.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x:10.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x:10.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x:10.0:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:o:apple:mac_os_x:-:::::::*	59
Os	Apple Mac Os X Server cpe:2.3:o:apple:mac_os_x_server:10.5.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.9:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.10:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.8:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.7:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.6:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.5:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.4:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.3:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.2:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.1:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0.0:::::::* cpe:2.3:o:apple:mac_os_x_server:10.0:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.3:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.2:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.15:::::::* cpe:2.3:o:apple:mac_os_x_server:5.0.14:::::::* cpe:2.3:o:apple:mac_os_x_server::::::::	57
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::	8
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:4.0:::::::*	1
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:9:::::::* cpe:2.3:o:fedoraproject:fedora:8:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:10.3:::::::*	1

OpenVAS Exploits

Date	Description
2012-06-21	Name : PHP version smaller than 5.2.7 File : nvt/nopsec_php_5_2_7.nasl
2012-06-21	Name : PHP version smaller than 5.2.6 File : nvt/nopsec_php_5_2_6.nasl
2012-06-21	Name : PHP version smaller than 5.2.5 File : nvt/nopsec_php_5_2_5.nasl
2012-06-21	Name : PHP < 4.4.9 File : nvt/nopsec_php_4_4_9.nasl
2012-06-21	Name : PHP version smaller than 4.4.8 File : nvt/nopsec_php_4_4_8.nasl
2011-08-09	Name : CentOS Update for php CESA-2009:0337 centos4 i386 File : nvt/gb_CESA-2009_0337_php_centos4_i386.nasl
2011-08-09	Name : CentOS Update for php CESA-2009:0337 centos3 i386 File : nvt/gb_CESA-2009_0337_php_centos3_i386.nasl
2011-08-09	Name : CentOS Update for php CESA-2009:0338 centos5 i386 File : nvt/gb_CESA-2009_0338_php_centos5_i386.nasl
2010-05-12	Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003 File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl
2010-05-12	Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl
2010-05-12	Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl
2010-05-12	Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-04-19	Name : PHP FastCGI Module File Extension Denial Of Service Vulnerabilities File : nvt/gb_php_31612.nasl
2010-04-19	Name : PHP Multiple Buffer Overflow Vulnerabilities File : nvt/gb_php_30649.nasl
2010-04-09	Name : Ubuntu Update for erlang vulnerability USN-624-2 File : nvt/gb_ubuntu_USN_624_2.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-22	Name : HP-UX Update for Apache-based Web Server HPSBUX02465 File : nvt/gb_hp_ux_HPSBUX02465.nasl
2009-10-13	Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php1.nasl
2009-10-13	Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php2.nasl
2009-07-17	Name : HP-UX Update for Apache Web Server Suite HPSBUX02431 File : nvt/gb_hp_ux_HPSBUX02431.nasl
2009-06-05	Name : Ubuntu USN-769-1 (libwmf) File : nvt/ubuntu_769_1.nasl
2009-06-05	Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl
2009-06-05	Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl
2009-06-05	Name : Fedora Core 10 FEDORA-2009-3768 (maniadrive) File : nvt/fcore_2009_3768.nasl
2009-06-05	Name : Fedora Core 9 FEDORA-2009-3848 (maniadrive) File : nvt/fcore_2009_3848.nasl
2009-05-11	Name : Debian Security Advisory DSA 1789-1 (php5) File : nvt/deb_1789_1.nasl
2009-05-05	Name : HP-UX Update for Apache Web Server Suite HPSBUX02401 File : nvt/gb_hp_ux_HPSBUX02401.nasl
2009-05-05	Name : HP-UX Update for Apache with PHP HPSBUX02342 File : nvt/gb_hp_ux_HPSBUX02342.nasl
2009-04-15	Name : RedHat Security Advisory RHSA-2009:0337 File : nvt/RHSA_2009_0337.nasl
2009-04-15	Name : RedHat Security Advisory RHSA-2009:0338 File : nvt/RHSA_2009_0338.nasl
2009-04-15	Name : RedHat Security Advisory RHSA-2009:0350 File : nvt/RHSA_2009_0350.nasl
2009-04-15	Name : CentOS Security Advisory CESA-2009:0338 (php) File : nvt/ovcesa2009_0338.nasl
2009-04-15	Name : CentOS Security Advisory CESA-2009:0337 (php) File : nvt/ovcesa2009_0337.nasl
2009-04-09	Name : Mandriva Update for pcre MDVSA-2008:053 (pcre) File : nvt/gb_mandriva_MDVSA_2008_053.nasl
2009-04-09	Name : Mandriva Update for php MDVSA-2008:126 (php) File : nvt/gb_mandriva_MDVSA_2008_126.nasl
2009-04-09	Name : Mandriva Update for php MDVSA-2008:127 (php) File : nvt/gb_mandriva_MDVSA_2008_127.nasl
2009-04-09	Name : Mandriva Update for php MDVSA-2008:128 (php) File : nvt/gb_mandriva_MDVSA_2008_128.nasl
2009-04-09	Name : Mandriva Update for pcre MDVSA-2008:147 (pcre) File : nvt/gb_mandriva_MDVSA_2008_147.nasl
2009-03-23	Name : Ubuntu Update for pcre3 vulnerability USN-581-1 File : nvt/gb_ubuntu_USN_581_1.nasl
2009-03-23	Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl
2009-03-23	Name : Ubuntu Update for pcre3 vulnerability USN-624-1 File : nvt/gb_ubuntu_USN_624_1.nasl
2009-03-06	Name : RedHat Update for php RHSA-2008:0544-01 File : nvt/gb_RHSA-2008_0544-01_php.nasl
2009-03-06	Name : RedHat Update for php RHSA-2008:0545-01 File : nvt/gb_RHSA-2008_0545-01_php.nasl
2009-03-06	Name : RedHat Update for php RHSA-2008:0546-01 File : nvt/gb_RHSA-2008_0546-01_php.nasl
2009-02-27	Name : CentOS Update for php CESA-2008:0544 centos3 x86_64 File : nvt/gb_CESA-2008_0544_php_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for php CESA-2008:0546-01 centos2 i386 File : nvt/gb_CESA-2008_0546-01_php_centos2_i386.nasl
2009-02-27	Name : CentOS Update for php CESA-2008:0544 centos3 i386 File : nvt/gb_CESA-2008_0544_php_centos3_i386.nasl
2009-02-17	Name : Fedora Update for glib2 FEDORA-2008-6048 File : nvt/gb_fedora_2008_6048_glib2_fc9.nasl
2009-02-17	Name : Fedora Update for pcre FEDORA-2008-6111 File : nvt/gb_fedora_2008_6111_pcre_fc8.nasl
2009-02-17	Name : Fedora Update for pcre FEDORA-2008-6110 File : nvt/gb_fedora_2008_6110_pcre_fc9.nasl
2009-02-17	Name : Fedora Update for glib2 FEDORA-2008-6025 File : nvt/gb_fedora_2008_6025_glib2_fc8.nasl
2009-02-17	Name : Fedora Update for php FEDORA-2008-3864 File : nvt/gb_fedora_2008_3864_php_fc8.nasl
2009-02-17	Name : Fedora Update for php FEDORA-2008-3606 File : nvt/gb_fedora_2008_3606_php_fc9.nasl
2009-02-16	Name : Fedora Update for glib2 FEDORA-2008-1533 File : nvt/gb_fedora_2008_1533_glib2_fc8.nasl
2009-02-16	Name : Fedora Update for pcre FEDORA-2008-1783 File : nvt/gb_fedora_2008_1783_pcre_fc8.nasl
2009-02-16	Name : Fedora Update for pcre FEDORA-2008-1842 File : nvt/gb_fedora_2008_1842_pcre_fc7.nasl
2009-01-26	Name : Mandrake Security Advisory MDVSA-2009:022 (php) File : nvt/mdksa_2009_022.nasl
2009-01-26	Name : Mandrake Security Advisory MDVSA-2009:024 (php4) File : nvt/mdksa_2009_024.nasl
2009-01-26	Name : Mandrake Security Advisory MDVSA-2009:023 (php) File : nvt/mdksa_2009_023.nasl
2009-01-26	Name : Mandrake Security Advisory MDVSA-2009:021 (php) File : nvt/mdksa_2009_021.nasl
2008-12-10	Name : FreeBSD Ports: php5 File : nvt/freebsd_php54.nasl
2008-11-19	Name : Gentoo Security Advisory GLSA 200811-05 (php) File : nvt/glsa_200811_05.nasl
2008-10-09	Name : Debian Security Advisory DSA 1647-1 (php5) File : nvt/deb_1647_1.nasl
2008-10-07	Name : Multiple Vulnerabilities in PHP August-08 File : nvt/gb_php_mult_vuln_aug08.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200807-03 (libpcre glib) File : nvt/glsa_200807_03.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200803-24 (libpcre glib) File : nvt/glsa_200803_24.nasl
2008-09-04	Name : FreeBSD Ports: php5 File : nvt/freebsd_php52.nasl
2008-09-04	Name : FreeBSD Ports: pcre File : nvt/freebsd_pcre1.nasl
2008-09-04	Name : FreeBSD Ports: php5-posix File : nvt/freebsd_php5-posix.nasl
2008-07-15	Name : Debian Security Advisory DSA 1602-1 (pcre3) File : nvt/deb_1602_1.nasl
2008-05-27	Name : Debian Security Advisory DSA 1578-1 (php4) File : nvt/deb_1578_1.nasl
2008-05-27	Name : Debian Security Advisory DSA 1572-1 (php5) File : nvt/deb_1572_1.nasl
2008-02-28	Name : Debian Security Advisory DSA 1499-1 (pcre3) File : nvt/deb_1499_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-210-09 pcre File : nvt/esoft_slk_ssa_2008_210_09.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-339-01 php File : nvt/esoft_slk_ssa_2008_339_01.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-128-01 php File : nvt/esoft_slk_ssa_2008_128_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
47798	PHP ext/gd/gd.c imageloadfont Function Crafted Font File Handling Overflow
47797	PHP memnstr Function explode Function delimiter Argument Overflow DoS
47796	PHP FastCGI Module Extension Malformed Request Handling Remote DoS
46690	Perl-Compatible Regular Expression (PCRE) pcre_compile.c Crafted Pattern Hand...
46641	PHP php_imap.c Obsolete API Crafted IMAP Request Overflow DoS
46639	PHP ftok Function http URL Argument safe_mode Restriction Bypass
46638	PHP chdir Function http URL Argument safe_mode Restriction Bypass
46584	PHP posix_access Function HTTP URL Traversal safe_mode Restriction Bypass
44910	PHP GENERATE_SEED Macro Multiplication Precision Weakness Random Functions Ba...
44909	PHP GENERATE_SEED Macro Seed Prediction Weakness Random Functions Based Prote...
44908	PHP escapeshellcmd API Function Multibyte Chars Unspecified Issue
44907	PHP FastCGI SAPI (fastcgi.c) Unspecified Overflow
44906	PHP cgi_main.c PATH_TRANSLATED Length Calculation Unspecified Issue
44057	PHP formatted_print.c php_sprintf_appendstring Function printf Format Variabl...
41989	Perl-Compatible Regular Expression (PCRE) Character Class Handling Remote DoS

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0337.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0338.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090406_php_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-04-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-2.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0338.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5580.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-080625.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-080820.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-081114.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_pcre-080623.nasl - Type : ACT_GATHER_INFO
2009-06-01	Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3848.nasl - Type : ACT_GATHER_INFO
2009-06-01	Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3768.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-05-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1789.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-021.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-147.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-128.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-022.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-053.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-720-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-127.nasl - Type : ACT_GATHER_INFO
2009-04-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0337.nasl - Type : ACT_GATHER_INFO
2009-04-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0338.nasl - Type : ACT_GATHER_INFO
2009-04-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0337.nasl - Type : ACT_GATHER_INFO
2008-12-08	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_27d01223c45711dda7210030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-05	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_2_7.nasl - Type : ACT_GATHER_INFO
2008-12-05	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-339-01.nasl - Type : ACT_GATHER_INFO
2008-12-02	Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5787.nasl - Type : ACT_GATHER_INFO
2008-11-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO
2008-10-16	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5661.nasl - Type : ACT_GATHER_INFO
2008-10-10	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-10-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1647.nasl - Type : ACT_GATHER_INFO
2008-09-17	Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5546.nasl - Type : ACT_GATHER_INFO
2008-09-05	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ee6fa2bd406a11dd936a0015af872849.nasl - Type : ACT_GATHER_INFO
2008-08-08	Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_9.nasl - Type : ACT_GATHER_INFO
2008-08-01	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO
2008-07-29	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-09.nasl - Type : ACT_GATHER_INFO
2008-07-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO
2008-07-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2008-07-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2008-07-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0546.nasl - Type : ACT_GATHER_INFO
2008-07-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2008-07-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-1.nasl - Type : ACT_GATHER_INFO
2008-07-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-03.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6025.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote openSUSE host is missing a security update. File : suse_pcre-5366.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6111.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6110.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2008-6048.nasl - Type : ACT_GATHER_INFO
2008-07-08	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1602.nasl - Type : ACT_GATHER_INFO
2008-07-02	Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5379.nasl - Type : ACT_GATHER_INFO
2008-06-26	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5345.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote Fedora host is missing a security update. File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO
2008-06-24	Name : The remote Fedora host is missing a security update. File : fedora_2008-3606.nasl - Type : ACT_GATHER_INFO
2008-05-28	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-128-01.nasl - Type : ACT_GATHER_INFO
2008-05-19	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1578.nasl - Type : ACT_GATHER_INFO
2008-05-13	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1572.nasl - Type : ACT_GATHER_INFO
2008-05-02	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_6.nasl - Type : ACT_GATHER_INFO
2008-05-02	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f6377f0812a711ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-24.nasl - Type : ACT_GATHER_INFO
2008-03-07	Name : The remote Fedora host is missing a security update. File : fedora_2008-1842.nasl - Type : ACT_GATHER_INFO
2008-03-04	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f9e96930e6df11dc8c6a00304881ac9a.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1499.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-581-1.nasl - Type : ACT_GATHER_INFO
2008-02-20	Name : The remote Fedora host is missing a security update. File : fedora_2008-1783.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote Fedora host is missing a security update. File : fedora_2008-1533.nasl - Type : ACT_GATHER_INFO
2008-01-03	Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_8.nasl - Type : ACT_GATHER_INFO
2007-11-12	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_5.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:36:08	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	49
CWE ID(s)	17
Oval ID(s)	22
CPE ID(s)	447
osvdb(s)	15
Openvas Exploit(s)	76
Nessus® Exploit(s)	75

	Related
10	CVE-2008-2051
10	CVE-2008-2050
9.8	CVE-2008-2108
9.8	CVE-2008-0599
7.5	CVE-2008-3658
7.5	CVE-2008-2371
7.5	CVE-2008-2107
7.5	CVE-2008-0674
6.4	CVE-2008-3659
5	CVE-2008-3660
5	CVE-2008-2829
5	CVE-2008-2666
5	CVE-2008-2665
5	CVE-2008-1384
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 14 more Alert(s)