Executive Summary
Summary | |
---|---|
Title | PHP: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-200811-05 | First vendor Publication | 2008-11-16 |
Vendor | Gentoo | Last vendor Modification | 2008-11-16 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Background Description * PHP ships a vulnerable version of the PCRE library which allows for the circumvention of security restrictions or even for remote code execution in case of an application which accepts user-supplied regular expressions (CVE-2008-0674). * Multiple crash issues in several PHP functions have been discovered. * Ryan Permeh reported that the init_request_info() function in sapi/cgi/cgi_main.c does not properly consider operator precedence when calculating the length of PATH_TRANSLATED (CVE-2008-0599). * An off-by-one error in the metaphone() function may lead to memory corruption. * Maksymilian Arciemowicz of SecurityReason Research reported an integer overflow, which is triggerable using printf() and related functions (CVE-2008-1384). * Andrei Nigmatulin reported a stack-based buffer overflow in the FastCGI SAPI, which has unknown attack vectors (CVE-2008-2050). * Stefan Esser reported that PHP does not correctly handle multibyte characters inside the escapeshellcmd() function, which is used to sanitize user input before its usage in shell commands (CVE-2008-2051). * Stefan Esser reported that a short-coming in PHP's algorithm of seeding the random number generator might allow for predictible random numbers (CVE-2008-2107, CVE-2008-2108). * The IMAP extension in PHP uses obsolete c-client API calls making it vulnerable to buffer overflows as no bounds checking can be done (CVE-2008-2829). * Tavis Ormandy reported a heap-based buffer overflow in pcre_compile.c in the PCRE version shipped by PHP when processing user-supplied regular expressions (CVE-2008-2371). * CzechSec reported that specially crafted font files can lead to an overflow in the imageloadfont() function in ext/gd/gd.c, which is part of the GD extension (CVE-2008-3658). * Maksymilian Arciemowicz of SecurityReason Research reported that a design error in PHP's stream wrappers allows to circumvent safe_mode checks in several filesystem-related PHP functions (CVE-2008-2665, * Laurent Gaffie discovered a buffer overflow in the internal memnstr() function, which is used by the PHP function explode() * An error in the FastCGI SAPI when processing a request with multiple dots preceding the extension (CVE-2008-3660). Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-200811-05.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200811-05.xml |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-100 | Overflow Buffers |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-112 | Brute Force |
CAPEC-123 | Buffer Attacks |
CAPEC-171 | Variable Manipulation |
CAPEC-281 | Analytic Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
15 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
15 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
8 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
8 % | CWE-331 | Insufficient Entropy |
8 % | CWE-131 | Incorrect Calculation of Buffer Size (CWE/SANS Top 25) |
8 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16801 | |||
Oval ID: | oval:org.mitre.oval:def:16801 | ||
Title: | USN-581-1 -- pcre3 vulnerability | ||
Description: | It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-581-1 CVE-2008-0674 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | pcre3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17537 | |||
Oval ID: | oval:org.mitre.oval:def:17537 | ||
Title: | USN-624-1 -- pcre3 vulnerability | ||
Description: | Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-624-1 CVE-2008-2371 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | pcre3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17737 | |||
Oval ID: | oval:org.mitre.oval:def:17737 | ||
Title: | USN-628-1 -- php5 vulnerabilities | ||
Description: | It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-628-1 CVE-2007-4782 CVE-2007-4850 CVE-2007-5898 CVE-2007-5899 CVE-2008-0599 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 CVE-2008-2107 CVE-2008-2108 CVE-2008-2371 CVE-2008-2829 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | php5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18224 | |||
Oval ID: | oval:org.mitre.oval:def:18224 | ||
Title: | DSA-1578-1 php4 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1578-1 CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18599 | |||
Oval ID: | oval:org.mitre.oval:def:18599 | ||
Title: | DSA-1572-1 php5 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1572-1 CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18659 | |||
Oval ID: | oval:org.mitre.oval:def:18659 | ||
Title: | DSA-1602-1 pcre3 - arbitrary code execution | ||
Description: | Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1602-1 CVE-2008-2371 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18757 | |||
Oval ID: | oval:org.mitre.oval:def:18757 | ||
Title: | DSA-1499-1 pcre3 - arbitrary code execution | ||
Description: | It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (<a href="http://security-tracker.debian.org/tracker/CVE-2008-0674">CVE-2008-0674</a>). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1499-1 CVE-2008-0674 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20236 | |||
Oval ID: | oval:org.mitre.oval:def:20236 | ||
Title: | DSA-1647-1 php5 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1647-1 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5510 | |||
Oval ID: | oval:org.mitre.oval:def:5510 | ||
Title: | HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code | ||
Description: | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0599 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7744 | |||
Oval ID: | oval:org.mitre.oval:def:7744 | ||
Title: | DSA-1602 pcre3 -- buffer overflow | ||
Description: | Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1602 CVE-2008-2371 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7886 | |||
Oval ID: | oval:org.mitre.oval:def:7886 | ||
Title: | DSA-1499 pcre3 -- buffer overflow | ||
Description: | It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1499 CVE-2008-0674 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | pcre3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8065 | |||
Oval ID: | oval:org.mitre.oval:def:8065 | ||
Title: | DSA-1578 php4 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. A denial of service was possible through a malicious script abusing the glob() function. Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. The escapeshellcmd API function could be attacked via incomplete multibyte chars. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1578 CVE-2007-3799 CVE-2007-3806 CVE-2007-3998 CVE-2007-4657 CVE-2008-2051 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php4 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.7 File : nvt/nopsec_php_5_2_7.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.6 File : nvt/nopsec_php_5_2_6.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.5 File : nvt/nopsec_php_5_2_5.nasl |
2012-06-21 | Name : PHP < 4.4.9 File : nvt/nopsec_php_4_4_9.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.8 File : nvt/nopsec_php_4_4_8.nasl |
2011-08-09 | Name : CentOS Update for php CESA-2009:0337 centos4 i386 File : nvt/gb_CESA-2009_0337_php_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for php CESA-2009:0337 centos3 i386 File : nvt/gb_CESA-2009_0337_php_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for php CESA-2009:0338 centos5 i386 File : nvt/gb_CESA-2009_0338_php_centos5_i386.nasl |
2010-05-12 | Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003 File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl |
2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-04-19 | Name : PHP FastCGI Module File Extension Denial Of Service Vulnerabilities File : nvt/gb_php_31612.nasl |
2010-04-19 | Name : PHP Multiple Buffer Overflow Vulnerabilities File : nvt/gb_php_30649.nasl |
2010-04-09 | Name : Ubuntu Update for erlang vulnerability USN-624-2 File : nvt/gb_ubuntu_USN_624_2.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-22 | Name : HP-UX Update for Apache-based Web Server HPSBUX02465 File : nvt/gb_hp_ux_HPSBUX02465.nasl |
2009-10-13 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php1.nasl |
2009-10-13 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php2.nasl |
2009-07-17 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02431 File : nvt/gb_hp_ux_HPSBUX02431.nasl |
2009-06-05 | Name : Ubuntu USN-769-1 (libwmf) File : nvt/ubuntu_769_1.nasl |
2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
2009-06-05 | Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-3768 (maniadrive) File : nvt/fcore_2009_3768.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-3848 (maniadrive) File : nvt/fcore_2009_3848.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1789-1 (php5) File : nvt/deb_1789_1.nasl |
2009-05-05 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02401 File : nvt/gb_hp_ux_HPSBUX02401.nasl |
2009-05-05 | Name : HP-UX Update for Apache with PHP HPSBUX02342 File : nvt/gb_hp_ux_HPSBUX02342.nasl |
2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0337 File : nvt/RHSA_2009_0337.nasl |
2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0338 File : nvt/RHSA_2009_0338.nasl |
2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0350 File : nvt/RHSA_2009_0350.nasl |
2009-04-15 | Name : CentOS Security Advisory CESA-2009:0338 (php) File : nvt/ovcesa2009_0338.nasl |
2009-04-15 | Name : CentOS Security Advisory CESA-2009:0337 (php) File : nvt/ovcesa2009_0337.nasl |
2009-04-09 | Name : Mandriva Update for pcre MDVSA-2008:053 (pcre) File : nvt/gb_mandriva_MDVSA_2008_053.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:126 (php) File : nvt/gb_mandriva_MDVSA_2008_126.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:127 (php) File : nvt/gb_mandriva_MDVSA_2008_127.nasl |
2009-04-09 | Name : Mandriva Update for php MDVSA-2008:128 (php) File : nvt/gb_mandriva_MDVSA_2008_128.nasl |
2009-04-09 | Name : Mandriva Update for pcre MDVSA-2008:147 (pcre) File : nvt/gb_mandriva_MDVSA_2008_147.nasl |
2009-03-23 | Name : Ubuntu Update for pcre3 vulnerability USN-581-1 File : nvt/gb_ubuntu_USN_581_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl |
2009-03-23 | Name : Ubuntu Update for pcre3 vulnerability USN-624-1 File : nvt/gb_ubuntu_USN_624_1.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0544-01 File : nvt/gb_RHSA-2008_0544-01_php.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0545-01 File : nvt/gb_RHSA-2008_0545-01_php.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0546-01 File : nvt/gb_RHSA-2008_0546-01_php.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 x86_64 File : nvt/gb_CESA-2008_0544_php_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0546-01 centos2 i386 File : nvt/gb_CESA-2008_0546-01_php_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0544 centos3 i386 File : nvt/gb_CESA-2008_0544_php_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for glib2 FEDORA-2008-6048 File : nvt/gb_fedora_2008_6048_glib2_fc9.nasl |
2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6111 File : nvt/gb_fedora_2008_6111_pcre_fc8.nasl |
2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6110 File : nvt/gb_fedora_2008_6110_pcre_fc9.nasl |
2009-02-17 | Name : Fedora Update for glib2 FEDORA-2008-6025 File : nvt/gb_fedora_2008_6025_glib2_fc8.nasl |
2009-02-17 | Name : Fedora Update for php FEDORA-2008-3864 File : nvt/gb_fedora_2008_3864_php_fc8.nasl |
2009-02-17 | Name : Fedora Update for php FEDORA-2008-3606 File : nvt/gb_fedora_2008_3606_php_fc9.nasl |
2009-02-16 | Name : Fedora Update for glib2 FEDORA-2008-1533 File : nvt/gb_fedora_2008_1533_glib2_fc8.nasl |
2009-02-16 | Name : Fedora Update for pcre FEDORA-2008-1783 File : nvt/gb_fedora_2008_1783_pcre_fc8.nasl |
2009-02-16 | Name : Fedora Update for pcre FEDORA-2008-1842 File : nvt/gb_fedora_2008_1842_pcre_fc7.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:022 (php) File : nvt/mdksa_2009_022.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:024 (php4) File : nvt/mdksa_2009_024.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:023 (php) File : nvt/mdksa_2009_023.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:021 (php) File : nvt/mdksa_2009_021.nasl |
2008-12-10 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php54.nasl |
2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-05 (php) File : nvt/glsa_200811_05.nasl |
2008-10-09 | Name : Debian Security Advisory DSA 1647-1 (php5) File : nvt/deb_1647_1.nasl |
2008-10-07 | Name : Multiple Vulnerabilities in PHP August-08 File : nvt/gb_php_mult_vuln_aug08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-03 (libpcre glib) File : nvt/glsa_200807_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-24 (libpcre glib) File : nvt/glsa_200803_24.nasl |
2008-09-04 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php52.nasl |
2008-09-04 | Name : FreeBSD Ports: pcre File : nvt/freebsd_pcre1.nasl |
2008-09-04 | Name : FreeBSD Ports: php5-posix File : nvt/freebsd_php5-posix.nasl |
2008-07-15 | Name : Debian Security Advisory DSA 1602-1 (pcre3) File : nvt/deb_1602_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1578-1 (php4) File : nvt/deb_1578_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1572-1 (php5) File : nvt/deb_1572_1.nasl |
2008-02-28 | Name : Debian Security Advisory DSA 1499-1 (pcre3) File : nvt/deb_1499_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-210-09 pcre File : nvt/esoft_slk_ssa_2008_210_09.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-339-01 php File : nvt/esoft_slk_ssa_2008_339_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-128-01 php File : nvt/esoft_slk_ssa_2008_128_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47798 | PHP ext/gd/gd.c imageloadfont Function Crafted Font File Handling Overflow |
47797 | PHP memnstr Function explode Function delimiter Argument Overflow DoS |
47796 | PHP FastCGI Module Extension Malformed Request Handling Remote DoS |
46690 | Perl-Compatible Regular Expression (PCRE) pcre_compile.c Crafted Pattern Hand... |
46641 | PHP php_imap.c Obsolete API Crafted IMAP Request Overflow DoS |
46639 | PHP ftok Function http URL Argument safe_mode Restriction Bypass |
46638 | PHP chdir Function http URL Argument safe_mode Restriction Bypass |
46584 | PHP posix_access Function HTTP URL Traversal safe_mode Restriction Bypass |
44910 | PHP GENERATE_SEED Macro Multiplication Precision Weakness Random Functions Ba... |
44909 | PHP GENERATE_SEED Macro Seed Prediction Weakness Random Functions Based Prote... |
44908 | PHP escapeshellcmd API Function Multibyte Chars Unspecified Issue |
44907 | PHP FastCGI SAPI (fastcgi.c) Unspecified Overflow |
44906 | PHP cgi_main.c PATH_TRANSLATED Length Calculation Unspecified Issue |
44057 | PHP formatted_print.c php_sprintf_appendstring Function printf Format Variabl... |
41989 | Perl-Compatible Regular Expression (PCRE) Character Class Handling Remote DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0337.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0338.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090406_php_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-2.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0338.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5580.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-080625.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-080820.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-081114.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_pcre-080623.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3848.nasl - Type : ACT_GATHER_INFO |
2009-06-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3768.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1789.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-021.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-147.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-128.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-022.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-053.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-720-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-127.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0337.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0338.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0337.nasl - Type : ACT_GATHER_INFO |
2008-12-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_27d01223c45711dda7210030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-12-05 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_2_7.nasl - Type : ACT_GATHER_INFO |
2008-12-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-339-01.nasl - Type : ACT_GATHER_INFO |
2008-12-02 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5787.nasl - Type : ACT_GATHER_INFO |
2008-11-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO |
2008-10-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5661.nasl - Type : ACT_GATHER_INFO |
2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
2008-10-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1647.nasl - Type : ACT_GATHER_INFO |
2008-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5546.nasl - Type : ACT_GATHER_INFO |
2008-09-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ee6fa2bd406a11dd936a0015af872849.nasl - Type : ACT_GATHER_INFO |
2008-08-08 | Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_9.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-09.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0546.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-1.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-03.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6025.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote openSUSE host is missing a security update. File : suse_pcre-5366.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6111.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6110.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6048.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1602.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5379.nasl - Type : ACT_GATHER_INFO |
2008-06-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5345.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3606.nasl - Type : ACT_GATHER_INFO |
2008-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-128-01.nasl - Type : ACT_GATHER_INFO |
2008-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1578.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1572.nasl - Type : ACT_GATHER_INFO |
2008-05-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_6.nasl - Type : ACT_GATHER_INFO |
2008-05-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f6377f0812a711ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-24.nasl - Type : ACT_GATHER_INFO |
2008-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1842.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f9e96930e6df11dc8c6a00304881ac9a.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1499.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-581-1.nasl - Type : ACT_GATHER_INFO |
2008-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1783.nasl - Type : ACT_GATHER_INFO |
2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1533.nasl - Type : ACT_GATHER_INFO |
2008-01-03 | Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_8.nasl - Type : ACT_GATHER_INFO |
2007-11-12 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_5.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:08 |
|