7.5 - HPSBTU02232 SSRT071429

Executive Summary

Summary
Title	Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS)

Informations
Name	HPSBTU02232 SSRT071429	First vendor Publication	2007-06-25
Vendor	HP	Last vendor Modification	2007-06-25
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). The vulnerabilities could be exploited by remote users to execute arbitrary code, read arbitrary files, or cause a Denial of Service (DoS).

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01086137

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-502	Deserialization of Untrusted Data
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10792

Oval ID:	oval:org.mitre.oval:def:10792
Title:	The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
Description:	The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1380	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-39.ent AND php-pgsql is earlier than 0:4.3.2-39.ent AND php-mysql is earlier than 0:4.3.2-39.ent AND php-ldap is earlier than 0:4.3.2-39.ent AND php-imap is earlier than 0:4.3.2-39.ent AND php-odbc is earlier than 0:4.3.2-39.ent AND php-devel is earlier than 0:4.3.2-39.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.3 AND php-snmp is earlier than 0:4.3.9-3.22.3 AND php-domxml is earlier than 0:4.3.9-3.22.3 AND php-mysql is earlier than 0:4.3.9-3.22.3 AND php-imap is earlier than 0:4.3.9-3.22.3 AND php-gd is earlier than 0:4.3.9-3.22.3 AND php is earlier than 0:4.3.9-3.22.3 AND php-mbstring is earlier than 0:4.3.9-3.22.3 AND php-pgsql is earlier than 0:4.3.9-3.22.3 AND php-pear is earlier than 0:4.3.9-3.22.3 AND php-ldap is earlier than 0:4.3.9-3.22.3 AND php-odbc is earlier than 0:4.3.9-3.22.3 AND php-ncurses is earlier than 0:4.3.9-3.22.3 AND php-devel is earlier than 0:4.3.9-3.22.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-7.el5 AND php-soap is earlier than 0:5.1.6-7.el5 AND php-common is earlier than 0:5.1.6-7.el5 AND php-mysql is earlier than 0:5.1.6-7.el5 AND php-imap is earlier than 0:5.1.6-7.el5 AND php-gd is earlier than 0:5.1.6-7.el5 AND php is earlier than 0:5.1.6-7.el5 AND php-mbstring is earlier than 0:5.1.6-7.el5 AND php-pgsql is earlier than 0:5.1.6-7.el5 AND php-xml is earlier than 0:5.1.6-7.el5 AND php-ldap is earlier than 0:5.1.6-7.el5 AND php-odbc is earlier than 0:5.1.6-7.el5 AND php-ncurses is earlier than 0:5.1.6-7.el5 AND php-devel is earlier than 0:5.1.6-7.el5 AND php-xmlrpc is earlier than 0:5.1.6-7.el5 AND php-snmp is earlier than 0:5.1.6-7.el5 AND php-pdo is earlier than 0:5.1.6-7.el5 AND php-dba is earlier than 0:5.1.6-7.el5 AND php-cli is earlier than 0:5.1.6-7.el5

Definition Id: oval:org.mitre.oval:def:11034

Oval ID:	oval:org.mitre.oval:def:11034
Title:	PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSIONs:39:".
Description:	PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION\|s:39:".
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1701	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-39.ent AND php-pgsql is earlier than 0:4.3.2-39.ent AND php-mysql is earlier than 0:4.3.2-39.ent AND php-ldap is earlier than 0:4.3.2-39.ent AND php-imap is earlier than 0:4.3.2-39.ent AND php-odbc is earlier than 0:4.3.2-39.ent AND php-devel is earlier than 0:4.3.2-39.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.3 AND php-snmp is earlier than 0:4.3.9-3.22.3 AND php-domxml is earlier than 0:4.3.9-3.22.3 AND php-mysql is earlier than 0:4.3.9-3.22.3 AND php-imap is earlier than 0:4.3.9-3.22.3 AND php-gd is earlier than 0:4.3.9-3.22.3 AND php is earlier than 0:4.3.9-3.22.3 AND php-mbstring is earlier than 0:4.3.9-3.22.3 AND php-pgsql is earlier than 0:4.3.9-3.22.3 AND php-pear is earlier than 0:4.3.9-3.22.3 AND php-ldap is earlier than 0:4.3.9-3.22.3 AND php-odbc is earlier than 0:4.3.9-3.22.3 AND php-ncurses is earlier than 0:4.3.9-3.22.3 AND php-devel is earlier than 0:4.3.9-3.22.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-7.el5 AND php-soap is earlier than 0:5.1.6-7.el5 AND php-common is earlier than 0:5.1.6-7.el5 AND php-mysql is earlier than 0:5.1.6-7.el5 AND php-imap is earlier than 0:5.1.6-7.el5 AND php-gd is earlier than 0:5.1.6-7.el5 AND php is earlier than 0:5.1.6-7.el5 AND php-mbstring is earlier than 0:5.1.6-7.el5 AND php-pgsql is earlier than 0:5.1.6-7.el5 AND php-xml is earlier than 0:5.1.6-7.el5 AND php-ldap is earlier than 0:5.1.6-7.el5 AND php-odbc is earlier than 0:5.1.6-7.el5 AND php-ncurses is earlier than 0:5.1.6-7.el5 AND php-devel is earlier than 0:5.1.6-7.el5 AND php-xmlrpc is earlier than 0:5.1.6-7.el5 AND php-snmp is earlier than 0:5.1.6-7.el5 AND php-pdo is earlier than 0:5.1.6-7.el5 AND php-dba is earlier than 0:5.1.6-7.el5 AND php-cli is earlier than 0:5.1.6-7.el5

Definition Id: oval:org.mitre.oval:def:11092

Oval ID:	oval:org.mitre.oval:def:11092
Title:	The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
Description:	The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-0988	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-39.ent AND php-pgsql is earlier than 0:4.3.2-39.ent AND php-mysql is earlier than 0:4.3.2-39.ent AND php-ldap is earlier than 0:4.3.2-39.ent AND php-imap is earlier than 0:4.3.2-39.ent AND php-odbc is earlier than 0:4.3.2-39.ent AND php-devel is earlier than 0:4.3.2-39.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.3 AND php-snmp is earlier than 0:4.3.9-3.22.3 AND php-domxml is earlier than 0:4.3.9-3.22.3 AND php-mysql is earlier than 0:4.3.9-3.22.3 AND php-imap is earlier than 0:4.3.9-3.22.3 AND php-gd is earlier than 0:4.3.9-3.22.3 AND php is earlier than 0:4.3.9-3.22.3 AND php-mbstring is earlier than 0:4.3.9-3.22.3 AND php-pgsql is earlier than 0:4.3.9-3.22.3 AND php-pear is earlier than 0:4.3.9-3.22.3 AND php-ldap is earlier than 0:4.3.9-3.22.3 AND php-odbc is earlier than 0:4.3.9-3.22.3 AND php-ncurses is earlier than 0:4.3.9-3.22.3 AND php-devel is earlier than 0:4.3.9-3.22.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section php-bcmath is earlier than 0:5.1.6-7.el5 AND php-soap is earlier than 0:5.1.6-7.el5 AND php-common is earlier than 0:5.1.6-7.el5 AND php-mysql is earlier than 0:5.1.6-7.el5 AND php-imap is earlier than 0:5.1.6-7.el5 AND php-gd is earlier than 0:5.1.6-7.el5 AND php is earlier than 0:5.1.6-7.el5 AND php-mbstring is earlier than 0:5.1.6-7.el5 AND php-pgsql is earlier than 0:5.1.6-7.el5 AND php-xml is earlier than 0:5.1.6-7.el5 AND php-ldap is earlier than 0:5.1.6-7.el5 AND php-odbc is earlier than 0:5.1.6-7.el5 AND php-ncurses is earlier than 0:5.1.6-7.el5 AND php-devel is earlier than 0:5.1.6-7.el5 AND php-xmlrpc is earlier than 0:5.1.6-7.el5 AND php-snmp is earlier than 0:5.1.6-7.el5 AND php-pdo is earlier than 0:5.1.6-7.el5 AND php-dba is earlier than 0:5.1.6-7.el5 AND php-cli is earlier than 0:5.1.6-7.el5

Definition Id: oval:org.mitre.oval:def:11575

Oval ID:	oval:org.mitre.oval:def:11575
Title:	Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
Description:	Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1286	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section php is earlier than 0:4.3.2-40.ent AND php-pgsql is earlier than 0:4.3.2-40.ent AND php-mysql is earlier than 0:4.3.2-40.ent AND php-ldap is earlier than 0:4.3.2-40.ent AND php-imap is earlier than 0:4.3.2-40.ent AND php-odbc is earlier than 0:4.3.2-40.ent AND php-devel is earlier than 0:4.3.2-40.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section php-xmlrpc is earlier than 0:4.3.9-3.22.4 AND php-snmp is earlier than 0:4.3.9-3.22.4 AND php-domxml is earlier than 0:4.3.9-3.22.4 AND php-mysql is earlier than 0:4.3.9-3.22.4 AND php-imap is earlier than 0:4.3.9-3.22.4 AND php-gd is earlier than 0:4.3.9-3.22.4 AND php is earlier than 0:4.3.9-3.22.4 AND php-mbstring is earlier than 0:4.3.9-3.22.4 AND php-pgsql is earlier than 0:4.3.9-3.22.4 AND php-pear is earlier than 0:4.3.9-3.22.4 AND php-ldap is earlier than 0:4.3.9-3.22.4 AND php-odbc is earlier than 0:4.3.9-3.22.4 AND php-ncurses is earlier than 0:4.3.9-3.22.4 AND php-devel is earlier than 0:4.3.9-3.22.4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Php cpe:2.3:a:php:php:5.2.1:-:::::: cpe:2.3:a:php:php:5.2.0:::::::* cpe:2.3:a:php:php:5.2.0:rc1:::::: cpe:2.3:a:php:php:5.2.0:rc2:::::: cpe:2.3:a:php:php:5.2.0:rc3:::::: cpe:2.3:a:php:php:5.2.0:rc4:::::: cpe:2.3:a:php:php:5.2.0:rc5:::::: cpe:2.3:a:php:php:5.2.0:rc6:::::: cpe:2.3:a:php:php:5.1.6:::::::* cpe:2.3:a:php:php:5.1.5:-:::::: cpe:2.3:a:php:php:5.1.5:rc1:::::: cpe:2.3:a:php:php:5.1.4:::::::* cpe:2.3:a:php:php:5.1.3:::::::* cpe:2.3:a:php:php:5.1.3:rc1:::::: cpe:2.3:a:php:php:5.1.3:rc2:::::: cpe:2.3:a:php:php:5.1.3:rc3:::::: cpe:2.3:a:php:php:5.1.2:-:::::: cpe:2.3:a:php:php:5.1.2:rc1:::::: cpe:2.3:a:php:php:5.1.2:rc2:::::: cpe:2.3:a:php:php:5.1.1:::::::* cpe:2.3:a:php:php:5.1.0:-:::::: cpe:2.3:a:php:php:5.1.0:beta1:::::: cpe:2.3:a:php:php:5.1.0:beta2:::::: cpe:2.3:a:php:php:5.1.0:beta3:::::: cpe:2.3:a:php:php:5.1.0:rc1:::::: cpe:2.3:a:php:php:5.1.0:rc2:::::: cpe:2.3:a:php:php:5.1.0:rc2-pre:::::: cpe:2.3:a:php:php:5.1.0:rc3:::::: cpe:2.3:a:php:php:5.1.0:rc4:::::: cpe:2.3:a:php:php:5.1.0:rc5:::::: cpe:2.3:a:php:php:5.1.0:rc6:::::: cpe:2.3:a:php:php:5.0.5:-:::::: cpe:2.3:a:php:php:5.0.5:rc1:::::: cpe:2.3:a:php:php:5.0.5:rc2:::::: cpe:2.3:a:php:php:5.0.4:-:::::: cpe:2.3:a:php:php:5.0.4:rc1:::::: cpe:2.3:a:php:php:5.0.4:rc2:::::: cpe:2.3:a:php:php:5.0.3:-:::::: cpe:2.3:a:php:php:5.0.3:rc1:::::: cpe:2.3:a:php:php:5.0.3:rc2:::::: cpe:2.3:a:php:php:5.0.2:-:::::: cpe:2.3:a:php:php:5.0.2:rc1:::::: cpe:2.3:a:php:php:5.0.1:-:::::: cpe:2.3:a:php:php:5.0.1:beta1:::::: cpe:2.3:a:php:php:5.0.1:rc1:::::: cpe:2.3:a:php:php:5.0.1:rc2:::::: cpe:2.3:a:php:php:5.0.0:beta3:::::: cpe:2.3:a:php:php:5.0.0:rc3:::::: cpe:2.3:a:php:php:5.0.0:beta1:::::: cpe:2.3:a:php:php:5.0.0:beta4:::::: cpe:2.3:a:php:php:5.0.0:rc1:::::: cpe:2.3:a:php:php:5.0.0:beta2:::::: cpe:2.3:a:php:php:5.0.0:rc2:::::: cpe:2.3:a:php:php:5.0.0:-:::::: cpe:2.3:a:php:php:5.0:rc1:::::: cpe:2.3:a:php:php:5.0:rc3:::::: cpe:2.3:a:php:php:5.0:rc2:::::: cpe:2.3:a:php:php:5:::::::* cpe:2.3:a:php:php:4.4.9:-:::::: cpe:2.3:a:php:php:4.4.9:rc1:::::: cpe:2.3:a:php:php:4.4.8:-:::::: cpe:2.3:a:php:php:4.4.8:rc1:::::: cpe:2.3:a:php:php:4.4.7:-:::::: cpe:2.3:a:php:php:4.4.7:rc1:::::: cpe:2.3:a:php:php:4.4.6:-:::::: cpe:2.3:a:php:php:4.4.6:rc1:::::: cpe:2.3:a:php:php:4.4.5:-:::::: cpe:2.3:a:php:php:4.4.5:rc1:::::: cpe:2.3:a:php:php:4.4.5:rc2:::::: cpe:2.3:a:php:php:4.4.4:-:::::: cpe:2.3:a:php:php:4.4.4:rc1:::::: cpe:2.3:a:php:php:4.4.3:-:::::: cpe:2.3:a:php:php:4.4.3:rc1:::::: cpe:2.3:a:php:php:4.4.3:rc2:::::: cpe:2.3:a:php:php:4.4.2:-:::::: cpe:2.3:a:php:php:4.4.2:rc1:::::: cpe:2.3:a:php:php:4.4.2:rc2:::::: cpe:2.3:a:php:php:4.4.1:-:::::: cpe:2.3:a:php:php:4.4.1:rc1:::::: cpe:2.3:a:php:php:4.4.0:-:::::: cpe:2.3:a:php:php:4.4.0:rc1:::::: cpe:2.3:a:php:php:4.4.0:rc2:::::: cpe:2.3:a:php:php:4.3.9:::::::* cpe:2.3:a:php:php:4.3.9:rc1:::::: cpe:2.3:a:php:php:4.3.9:rc2:::::: cpe:2.3:a:php:php:4.3.9:rc3:::::: cpe:2.3:a:php:php:4.3.8:::::::* cpe:2.3:a:php:php:4.3.7:-:::::: cpe:2.3:a:php:php:4.3.7:rc1:::::: cpe:2.3:a:php:php:4.3.6:-:::::: cpe:2.3:a:php:php:4.3.6:rc1:::::: cpe:2.3:a:php:php:4.3.6:rc2:::::: cpe:2.3:a:php:php:4.3.6:rc3:::::: cpe:2.3:a:php:php:4.3.5:-:::::: cpe:2.3:a:php:php:4.3.5:rc1:::::: cpe:2.3:a:php:php:4.3.5:rc2:::::: cpe:2.3:a:php:php:4.3.5:rc3:::::: cpe:2.3:a:php:php:4.3.5:rc4:::::: cpe:2.3:a:php:php:4.3.4:-:::::: cpe:2.3:a:php:php:4.3.4:rc1:::::: cpe:2.3:a:php:php:4.3.4:rc2:::::: cpe:2.3:a:php:php:4.3.4:rc3:::::: cpe:2.3:a:php:php:4.3.3:-:::::: cpe:2.3:a:php:php:4.3.3:rc1:::::: cpe:2.3:a:php:php:4.3.3:rc2:::::: cpe:2.3:a:php:php:4.3.3:rc3:::::: cpe:2.3:a:php:php:4.3.3:rc4:::::: cpe:2.3:a:php:php:4.3.2:-:::::: cpe:2.3:a:php:php:4.3.2:rc1:::::: cpe:2.3:a:php:php:4.3.2:rc2:::::: cpe:2.3:a:php:php:4.3.2:rc3:::::: cpe:2.3:a:php:php:4.3.2:rc4:::::: cpe:2.3:a:php:php:4.3.11:-:::::: cpe:2.3:a:php:php:4.3.11:rc1:::::: cpe:2.3:a:php:php:4.3.11:rc2:::::: cpe:2.3:a:php:php:4.3.10:-:::::: cpe:2.3:a:php:php:4.3.10:rc1:::::: cpe:2.3:a:php:php:4.3.10:rc2:::::: cpe:2.3:a:php:php:4.3.1:::::::* cpe:2.3:a:php:php:4.3.0:-:::::: cpe:2.3:a:php:php:4.3.0:alpha1:::::: cpe:2.3:a:php:php:4.3.0:alpha2:::::: cpe:2.3:a:php:php:4.3.0:alpha3:::::: cpe:2.3:a:php:php:4.3.0:dev:::::: cpe:2.3:a:php:php:4.3.0:pre1:::::: cpe:2.3:a:php:php:4.3.0:pre2:::::: cpe:2.3:a:php:php:4.3.0:rc1:::::: cpe:2.3:a:php:php:4.3.0:rc2:::::: cpe:2.3:a:php:php:4.3.0:rc3:::::: cpe:2.3:a:php:php:4.3.0:rc4:::::: cpe:2.3:a:php:php:4.2.3:-:::::: cpe:2.3:a:php:php:4.2.3:rc1:::::: cpe:2.3:a:php:php:4.2.3:rc2:::::: cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.2.1:-:::::: cpe:2.3:a:php:php:4.2.1:rc1:::::: cpe:2.3:a:php:php:4.2.1:rc2:::::: cpe:2.3:a:php:php:4.2.0:-:::::: cpe:2.3:a:php:php:4.2.0:rc1:::::: cpe:2.3:a:php:php:4.2.0:rc2:::::: cpe:2.3:a:php:php:4.2.0:rc3:::::: cpe:2.3:a:php:php:4.2.0:rc4:::::: cpe:2.3:a:php:php:4.2::dev::::: cpe:2.3:a:php:php:4.1.2:::::::* cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.1.0:-:::::: cpe:2.3:a:php:php:4.1.0:rc1:::::: cpe:2.3:a:php:php:4.1.0:rc2:::::: cpe:2.3:a:php:php:4.1.0:rc3:::::: cpe:2.3:a:php:php:4.1.0:rc4:::::: cpe:2.3:a:php:php:4.1.0:rc5:::::: cpe:2.3:a:php:php:4.0.7:rc3:::::: cpe:2.3:a:php:php:4.0.7:rc2:::::: cpe:2.3:a:php:php:4.0.7:rc4:::::: cpe:2.3:a:php:php:4.0.7:rc1:::::: cpe:2.3:a:php:php:4.0.7:-:::::: cpe:2.3:a:php:php:4.0.6:-:::::: cpe:2.3:a:php:php:4.0.6:rc1:::::: cpe:2.3:a:php:php:4.0.6:rc2:::::: cpe:2.3:a:php:php:4.0.6:rc3:::::: cpe:2.3:a:php:php:4.0.6:rc4:::::: cpe:2.3:a:php:php:4.0.5:-:::::: cpe:2.3:a:php:php:4.0.5:rc1:::::: cpe:2.3:a:php:php:4.0.5:rc2:::::: cpe:2.3:a:php:php:4.0.5:rc3:::::: cpe:2.3:a:php:php:4.0.5:rc4:::::: cpe:2.3:a:php:php:4.0.5:rc5:::::: cpe:2.3:a:php:php:4.0.5:rc6:::::: cpe:2.3:a:php:php:4.0.5:rc7:::::: cpe:2.3:a:php:php:4.0.5:rc8:::::: cpe:2.3:a:php:php:4.0.4pl1:::::::* cpe:2.3:a:php:php:4.0.4:patch1:::::: cpe:2.3:a:php:php:4.0.4:-:::::: cpe:2.3:a:php:php:4.0.4:rc1:::::: cpe:2.3:a:php:php:4.0.4:rc2:::::: cpe:2.3:a:php:php:4.0.4:rc3:::::: cpe:2.3:a:php:php:4.0.4:rc4:::::: cpe:2.3:a:php:php:4.0.4:rc5:::::: cpe:2.3:a:php:php:4.0.4:rc6:::::: cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.0.3:patch1:::::: cpe:2.3:a:php:php:4.0.3:rc1:::::: cpe:2.3:a:php:php:4.0.3:rc2:::::: cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.0.2:rc1:::::: cpe:2.3:a:php:php:4.0.1:patch2:::::: cpe:2.3:a:php:php:4.0.1:patch1:::::: cpe:2.3:a:php:php:4.0.1:-:::::: cpe:2.3:a:php:php:4.0.1:rc:::::: cpe:2.3:a:php:php:4.0.1:rc2:::::: cpe:2.3:a:php:php:4.0.0:::::::* cpe:2.3:a:php:php:4.0:beta1:::::: cpe:2.3:a:php:php:4.0:beta2:::::: cpe:2.3:a:php:php:4.0:beta3:::::: cpe:2.3:a:php:php:4.0:beta4:::::: cpe:2.3:a:php:php:4.0:beta_4_patch1:::::: cpe:2.3:a:php:php:4.0:rc1:::::: cpe:2.3:a:php:php:4.0:rc2:::::: cpe:2.3:a:php:php:4.0:-:::::: cpe:2.3:a:php:php:4:::::::* cpe:2.3:a:php:php:3.0.9:::::::* cpe:2.3:a:php:php:3.0.8:::::::* cpe:2.3:a:php:php:3.0.7:::::::* cpe:2.3:a:php:php:3.0.6:::::::* cpe:2.3:a:php:php:3.0.5:::::::* cpe:2.3:a:php:php:3.0.4:::::::* cpe:2.3:a:php:php:3.0.3:::::::* cpe:2.3:a:php:php:3.0.2:::::::* cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:3.0.17:::::::* cpe:2.3:a:php:php:3.0.16:::::::* cpe:2.3:a:php:php:3.0.15:::::::* cpe:2.3:a:php:php:3.0.14:::::::* cpe:2.3:a:php:php:3.0.13:::::::* cpe:2.3:a:php:php:3.0.12:::::::* cpe:2.3:a:php:php:3.0.11:::::::* cpe:2.3:a:php:php:3.0.10:::::::* cpe:2.3:a:php:php:3.0.1:::::::* cpe:2.3:a:php:php:3.0:::::::* cpe:2.3:a:php:php:2.0b10:::::::* cpe:2.3:a:php:php:2.0.2:::::::* cpe:2.3:a:php:php:2.0.1:::::::* cpe:2.3:a:php:php:2.0.0:-:::::: cpe:2.3:a:php:php:2.0.0:alpha1:::::: cpe:2.3:a:php:php:2.0.0:alpha2:::::: cpe:2.3:a:php:php:2.0.0:beta1:::::: cpe:2.3:a:php:php:2.0.0:rc1:::::: cpe:2.3:a:php:php:2.0:::::::* cpe:2.3:a:php:php:1.5:::::::* cpe:2.3:a:php:php:1.4:::::::* cpe:2.3:a:php:php:1.3.5:::::::* cpe:2.3:a:php:php:1.3.1:::::::* cpe:2.3:a:php:php:1.3:-:::::: cpe:2.3:a:php:php:1.3:beta2:::::: cpe:2.3:a:php:php:1.3:beta3:::::: cpe:2.3:a:php:php:1.3:beta6:::::: cpe:2.3:a:php:php:1.2.5:::::::* cpe:2.3:a:php:php:1.2.4:::::::* cpe:2.3:a:php:php:1.2.3:::::::* cpe:2.3:a:php:php:1.2.2:::::::* cpe:2.3:a:php:php:1.2.1:::::::* cpe:2.3:a:php:php:1.2.0:::::::* cpe:2.3:a:php:php:1.2:::::::* cpe:2.3:a:php:php:1.1.1:::::::* cpe:2.3:a:php:php:1.1.0:::::::* cpe:2.3:a:php:php:1.1:::::::* cpe:2.3:a:php:php:1.0.4:::::::* cpe:2.3:a:php:php:1.0.3:::::::* cpe:2.3:a:php:php:1.0.2:::::::* cpe:2.3:a:php:php:1.0.1:::::::* cpe:2.3:a:php:php:1.0.0:-:::::: cpe:2.3:a:php:php:1.0.0:rc1:::::: cpe:2.3:a:php:php:1.0:beta1:::::: cpe:2.3:a:php:php:1.0:beta2:::::: cpe:2.3:a:php:php:1.0:beta3:::::: cpe:2.3:a:php:php:1.0:rc1:::::: cpe:2.3:a:php:php:1.0:rc2:::::: cpe:2.3:a:php:php:0.91:::::::* cpe:2.3:a:php:php:0.90:::::::* cpe:2.3:a:php:php:0.9.4:::::::* cpe:2.3:a:php:php:0.9.3:::::::* cpe:2.3:a:php:php:0.9.2:::::::* cpe:2.3:a:php:php:0.9.1:::::::* cpe:2.3:a:php:php:0.9.0:::::::* cpe:2.3:a:php:php:0.9:::::::* cpe:2.3:a:php:php:0.7:::::::* cpe:2.3:a:php:php:0.6:::::::* cpe:2.3:a:php:php:0.5.3:::::::* cpe:2.3:a:php:php:0.5.2:::::::* cpe:2.3:a:php:php:0.5:::::::* cpe:2.3:a:php:php:0.4:::::::* cpe:2.3:a:php:php:0.3:::::::* cpe:2.3:a:php:php:0.2.4:::::::* cpe:2.3:a:php:php:0.2.3:::::::* cpe:2.3:a:php:php:0.2.2:::::::* cpe:2.3:a:php:php:0.2.1:::::::* cpe:2.3:a:php:php:0.2.0:::::::* cpe:2.3:a:php:php:0.2:::::::* cpe:2.3:a:php:php:0.11:::::::* cpe:2.3:a:php:php:0.10:::::::* cpe:2.3:a:php:php:0.1.1:::::::* cpe:2.3:a:php:php:0.1:::::::* cpe:2.3:a:php:php:::::::: cpe:2.3:a:php:php:-:::::::*	284
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts::: cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*	3

OpenVAS Exploits

Date	Description
2012-06-21	Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl
2012-06-21	Name : PHP version smaller than 5.2.0 File : nvt/nopsec_php_5_2_0.nasl
2012-06-21	Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl
2010-04-23	Name : PHP Session Data Deserialization Arbitrary Code Execution Vulnerability File : nvt/gb_php_23120.nasl
2010-04-23	Name : PHP PHP_Binary Heap Information Leak Vulnerability File : nvt/gb_php_22805.nasl
2010-04-21	Name : PHP Str_Replace() Integer Overflow Vulnerability File : nvt/gb_php_23233.nasl
2010-04-21	Name : PHP Printf() Function 64bit Casting Multiple Format String Vulnerabilities File : nvt/gb_php_23219.nasl
2009-10-10	Name : SLES9: Security update for PHP4 File : nvt/sles9p5017282.nasl
2009-10-10	Name : SLES9: Security update for PHP File : nvt/sles9p5016480.nasl
2009-04-09	Name : Mandriva Update for php MDKSA-2007:048 (php) File : nvt/gb_mandriva_MDKSA_2007_048.nasl
2009-03-23	Name : Ubuntu Update for php5 vulnerabilities USN-455-1 File : nvt/gb_ubuntu_USN_455_1.nasl
2009-03-23	Name : Ubuntu Update for php5 regression USN-424-2 File : nvt/gb_ubuntu_USN_424_2.nasl
2009-03-23	Name : Ubuntu Update for php5 vulnerabilities USN-424-1 File : nvt/gb_ubuntu_USN_424_1.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-261 File : nvt/gb_fedora_2007_261_php_fc6.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-287 File : nvt/gb_fedora_2007_287_php_fc5.nasl
2009-02-27	Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl
2009-01-28	Name : SuSE Update for php4,php5 SUSE-SA:2007:020 File : nvt/gb_suse_2007_020.nasl
2009-01-28	Name : SuSE Update for php4,php5 SUSE-SA:2007:032 File : nvt/gb_suse_2007_032.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200703-21 (php) File : nvt/glsa_200703_21.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200705-19 (php) File : nvt/glsa_200705_19.nasl
2008-09-04	Name : php -- multiple vulnerabilities File : nvt/freebsd_php5-imap.nasl
2008-01-17	Name : Debian Security Advisory DSA 1283-1 (php5) File : nvt/deb_1283_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1282-1 (php4) File : nvt/deb_1282_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1264-1 (php4) File : nvt/deb_1264_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2007-053-01 php File : nvt/esoft_slk_ssa_2007_053_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
36206	PHP readfile() Function Crafted Filename Request Restriction Bypass Arbitrary...
34767	PHP php_sprintf_appendstring Function 64 Bit Casting Memory Corruption PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to an integer signedness error in the printf function family as used on 64 bit machines. When a width and precision of -1 is passed to the php_sprintf_appendstring function, it may place an internal buffer at an arbitrary memory location. This may allow an attacker to execute arbitrary code.
33956	PHP str_replace() Function Multiple Remote Overflow PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the str_replace function not sanitizing user-supplied input. If an attacker supplies a single character search string in conjunction with a long replacement string, they can trigger an overflow and execute arbitrary code.
33955	PHP php_formatted_print Function 64 Bit Casting Memory Corruption PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to an integer signedness error in the printf function family as used on 64 bit machines. When a negative argument number is passed to the php_formatted_print function before a 64 to 32 bit truncation, it may bypass a check for the maximum allowable value causing memory corruption. This may allow an attacker to execute arbitrary code.
33953	PHP session.save_path open_basedir Restriction Bypass PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to an empty session save path (session.save_path) using the TMPDIR default after checking security restrictions. This may allow a local uesr to bypass the open_basedir security restriction.
33945	PHP _SESSION Deserialization Global Variable Overwrite PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the ability of the deserialization of session data to overwrite arbitrary global variables. This can allow an attacker to execute arbitrary code.
33944	PHP _SESSION unset() Hashtable Manipulation Arbitrary Code Execution PHP contains a flaw that may allow context-dependent attackers to gain elevated privileges. The issue is due to the session extension not properly calculating the reference count for session variables. This may allow an attacker to use a crafted string in the session_register function after unsetting global session variables, thus manipulating the session data Hashtable.
32776	PHP Session Extension php_binary Heap Information Disclosure The php_binary serialization handler in the PHP session extension is missing a boundary check and may lead to an unauthorized information disclosure. The condition is triggered during the extraction of an overly long php_binary session data format variable name, which will disclose up to 126 bytes of heap data into PHP variables, resulting in a loss of confidentiality.
32771	PHP unserialize() ZVAL Reference Counter Remote Overflow PHP contains a flaw that may a context-dependent attacker to elevate privileges. The issue can occur when the unserialize() function is used on an attacker supplied string, which can result in an integer overflow in the refcount variable in _zval_struct through the creation of a large number of references for a specific variable leading to a double destruction of the underlying variable. It is possible that the flaw may allow a remote attacker to execute arbitrary code resulting in a loss of integrity.
32762	PHP on 64-bit zend_hash_init Function Remote DoS PHP contains a flaw that may all a context-dependent attacker to deny service. The issue occurs on 64-bit platforms when the zend_hash_init function unserializing certain expressions causing 32-bit arguments to be used after the check for a negative value. This may cause the application to enter an infinite loop and require a restart.
29603	PHP ini_restore() Apache httpd.conf Options Bypass PHP contains a flaw that may allow a local user to bypass Apache configuration options. The issue is due to the ini_restore function resetting its value to the php.ini "Master Value" (default). This may allow an attacker to bypass the safe_mode and open_basedir restrictions.

Snort® IPS/IDS

Date	Description
2015-05-08	PHP 4 unserialize ZVAL Reference Counter Overflow attempt RuleID : 34027 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL7859.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0076.nasl - Type : ACT_GATHER_INFO
2008-03-25	Name : The remote web server uses a version of PHP that is affected by multiple buff... File : php_5_2_0.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-3290.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-2152.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-362-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-455-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-2.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-2153.nasl - Type : ACT_GATHER_INFO
2007-05-29	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO
2007-05-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0082.nasl - Type : ACT_GATHER_INFO
2007-05-04	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_7_or_5_2_2.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1283.nasl - Type : ACT_GATHER_INFO
2007-04-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1282.nasl - Type : ACT_GATHER_INFO
2007-04-19	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2007-04-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0154.nasl - Type : ACT_GATHER_INFO
2007-04-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2007-04-02	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO
2007-04-02	Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_1.nasl - Type : ACT_GATHER_INFO
2007-03-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-21.nasl - Type : ACT_GATHER_INFO
2007-03-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1264.nasl - Type : ACT_GATHER_INFO
2007-02-27	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-287.nasl - Type : ACT_GATHER_INFO
2007-02-23	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-053-01.nasl - Type : ACT_GATHER_INFO
2007-02-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0081.nasl - Type : ACT_GATHER_INFO
2007-02-23	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-048.nasl - Type : ACT_GATHER_INFO
2007-02-23	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-261.nasl - Type : ACT_GATHER_INFO
2007-02-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO
2007-02-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_059.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-185.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7fcf1727be7111dbb2ec000c6ec775d9.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	4
CPE ID(s)	287
osvdb(s)	11
Openvas Exploit(s)	26
Snort® Rule(s)	1
Nessus® Exploit(s)	34

	Related
7.5	CVE-2007-1885
7.5	CVE-2007-1700
6.8	CVE-2007-1886
6.8	CVE-2007-1884
6.8	CVE-2007-1701
6.8	CVE-2007-1286
5	CVE-2007-1380
4.6	CVE-2007-1835
4.3	CVE-2007-1710
4.3	CVE-2007-0988
3.6	CVE-2006-4625
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 11 more Alert(s)