Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access |
| Informations | |||
|---|---|---|---|
| Name | HPSBUX02465 SSRT090192 | First vendor Publication | 2009-10-21 |
| Vendor | HP | Last vendor Modification | 2009-10-21 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905287 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-28 | Fuzzing |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
| CAPEC-72 | URL Encoding |
| CAPEC-73 | User-Controlled Filename |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
| CAPEC-79 | Using Slashes in Alternate Encoding |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
| CAPEC-81 | Web Logs Tampering |
| CAPEC-83 | XPath Injection |
| CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
| CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
| CAPEC-88 | OS Command Injection |
| CAPEC-91 | XSS in IMG Tags |
| CAPEC-99 | XML Parser Attack |
| CAPEC-100 | Overflow Buffers |
| CAPEC-101 | Server Side Include (SSI) Injection |
| CAPEC-104 | Cross Zone Scripting |
| CAPEC-106 | Cross Site Scripting through Log Files |
| CAPEC-108 | Command Line Execution through SQL Injection |
| CAPEC-109 | Object Relational Mapping Injection |
| CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
| CAPEC-123 | Buffer Attacks |
| CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 30 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 15 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 10 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 5 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 5 % | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 5 % | CWE-200 | Information Exposure |
| 5 % | CWE-131 | Incorrect Calculation of Buffer Size (CWE/SANS Top 25) |
| 5 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10352 | |||
| Oval ID: | oval:org.mitre.oval:def:10352 | ||
| Title: | http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||
| Description: | http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-3918 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10812 | |||
| Oval ID: | oval:org.mitre.oval:def:10812 | ||
| Title: | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | ||
| Description: | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-0005 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10929 | |||
| Oval ID: | oval:org.mitre.oval:def:10929 | ||
| Title: | Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. | ||
| Description: | Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-4465 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11316 | |||
| Oval ID: | oval:org.mitre.oval:def:11316 | ||
| Title: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
| Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-2939 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11713 | |||
| Oval ID: | oval:org.mitre.oval:def:11713 | ||
| Title: | Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability | ||
| Description: | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-2364 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13835 | |||
| Oval ID: | oval:org.mitre.oval:def:13835 | ||
| Title: | USN-731-1 -- apache2 vulnerabilities | ||
| Description: | It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that Apache was vulnerable to a cross-site request forgery in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-731-1 CVE-2007-6203 CVE-2007-6420 CVE-2008-1678 CVE-2008-2168 CVE-2008-2364 CVE-2008-2939 | Version: | 5 |
| Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17537 | |||
| Oval ID: | oval:org.mitre.oval:def:17537 | ||
| Title: | USN-624-1 -- pcre3 vulnerability | ||
| Description: | Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-624-1 CVE-2008-2371 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | pcre3 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17648 | |||
| Oval ID: | oval:org.mitre.oval:def:17648 | ||
| Title: | USN-575-1 -- apache2 vulnerabilities | ||
| Description: | It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-575-1 CVE-2006-3918 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17737 | |||
| Oval ID: | oval:org.mitre.oval:def:17737 | ||
| Title: | USN-628-1 -- php5 vulnerabilities | ||
| Description: | It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-628-1 CVE-2007-4782 CVE-2007-4850 CVE-2007-5898 CVE-2007-5899 CVE-2008-0599 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 CVE-2008-2107 CVE-2008-2108 CVE-2008-2371 CVE-2008-2829 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | php5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18659 | |||
| Oval ID: | oval:org.mitre.oval:def:18659 | ||
| Title: | DSA-1602-1 pcre3 - arbitrary code execution | ||
| Description: | Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1602-1 CVE-2008-2371 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20236 | |||
| Oval ID: | oval:org.mitre.oval:def:20236 | ||
| Title: | DSA-1647-1 php5 - several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1647-1 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | php5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21751 | |||
| Oval ID: | oval:org.mitre.oval:def:21751 | ||
| Title: | ELSA-2008:0967: httpd security and bug fix update (Moderate) | ||
| Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0967-01 CVE-2008-2364 CVE-2008-2939 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22498 | |||
| Oval ID: | oval:org.mitre.oval:def:22498 | ||
| Title: | ELSA-2008:0008: httpd security update (Moderate) | ||
| Description: | mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0008-01 CVE-2007-4465 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 | Version: | 29 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:29289 | |||
| Oval ID: | oval:org.mitre.oval:def:29289 | ||
| Title: | RHSA-2008:0967 -- httpd security and bug fix update (Moderate) | ||
| Description: | Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2008:0967 CESA-2008:0967-CentOS 5 CESA-2008:0967-CentOS 3 CVE-2008-2364 CVE-2008-2939 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5510 | |||
| Oval ID: | oval:org.mitre.oval:def:5510 | ||
| Title: | HP-UX Running Apache with PHP, Remote Execution of Arbitrary Code | ||
| Description: | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-0599 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7716 | |||
| Oval ID: | oval:org.mitre.oval:def:7716 | ||
| Title: | Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability | ||
| Description: | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-2939 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7744 | |||
| Oval ID: | oval:org.mitre.oval:def:7744 | ||
| Title: | DSA-1602 pcre3 -- buffer overflow | ||
| Description: | Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1602 CVE-2008-2371 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | pcre3 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9577 | |||
| Oval ID: | oval:org.mitre.oval:def:9577 | ||
| Title: | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | ||
| Description: | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-2364 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-06-13 | Oracle HTTP Server XSS Header Injection |
| 2009-01-02 | PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-06-21 | Name : PHP < 4.4.9 File : nvt/nopsec_php_4_4_9.nasl |
| 2012-06-21 | Name : PHP version smaller than 5.2.6 File : nvt/nopsec_php_5_2_6.nasl |
| 2012-06-21 | Name : PHP version smaller than 5.2.7 File : nvt/nopsec_php_5_2_7.nasl |
| 2012-06-21 | Name : PHP version smaller than 5.2.9 File : nvt/nopsec_php_5_2_9.nasl |
| 2011-08-09 | Name : CentOS Update for php CESA-2009:0337 centos3 i386 File : nvt/gb_CESA-2009_0337_php_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for php CESA-2009:0337 centos4 i386 File : nvt/gb_CESA-2009_0337_php_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for php CESA-2009:0338 centos5 i386 File : nvt/gb_CESA-2009_0338_php_centos5_i386.nasl |
| 2011-01-04 | Name : HP-UX Update for Apache-based Web Server HPSBUX02612 File : nvt/gb_hp_ux_HPSBUX02612.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2008-005 File : nvt/macosx_secupd_2008-005.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2009-005 File : nvt/macosx_secupd_2009-005.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003 File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
| 2010-04-19 | Name : PHP Multiple Buffer Overflow Vulnerabilities File : nvt/gb_php_30649.nasl |
| 2010-04-19 | Name : PHP FastCGI Module File Extension Denial Of Service Vulnerabilities File : nvt/gb_php_31612.nasl |
| 2010-04-09 | Name : Ubuntu Update for erlang vulnerability USN-624-2 File : nvt/gb_ubuntu_USN_624_2.nasl |
| 2010-01-07 | Name : Gentoo Security Advisory GLSA 201001-03 (php) File : nvt/glsa_201001_03.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-22 | Name : HP-UX Update for Apache-based Web Server HPSBUX02465 File : nvt/gb_hp_ux_HPSBUX02465.nasl |
| 2009-10-13 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php.nasl |
| 2009-10-13 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php0.nasl |
| 2009-10-13 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php1.nasl |
| 2009-10-13 | Name : SLES10: Security update for PHP5 File : nvt/sles10_apache2-mod_php2.nasl |
| 2009-10-13 | Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache2.nasl |
| 2009-10-13 | Name : SLES10: Security update for Apache 2 File : nvt/sles10_apache20.nasl |
| 2009-10-11 | Name : SLES11: Security update for PHP5 File : nvt/sles11_apache2-mod_php.nasl |
| 2009-10-10 | Name : SLES9: Security update for apache2 File : nvt/sles9p5012664.nasl |
| 2009-10-10 | Name : SLES9: Security update for apache2,apache2-prefork,apache2-worker File : nvt/sles9p5013454.nasl |
| 2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5023052.nasl |
| 2009-10-10 | Name : SLES9: Security update for Apache File : nvt/sles9p5023075.nasl |
| 2009-10-10 | Name : SLES9: Security update for Apache 2 File : nvt/sles9p5037600.nasl |
| 2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5046240.nasl |
| 2009-07-17 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02431 File : nvt/gb_hp_ux_HPSBUX02431.nasl |
| 2009-07-15 | Name : Mandrake Security Advisory MDVSA-2009:124-1 (apache) File : nvt/mdksa_2009_124_1.nasl |
| 2009-06-05 | Name : Fedora Core 10 FEDORA-2009-3768 (maniadrive) File : nvt/fcore_2009_3768.nasl |
| 2009-06-05 | Name : Fedora Core 9 FEDORA-2009-3848 (maniadrive) File : nvt/fcore_2009_3848.nasl |
| 2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:124 (apache) File : nvt/mdksa_2009_124.nasl |
| 2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-720-1 (php5) File : nvt/ubuntu_720_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-769-1 (libwmf) File : nvt/ubuntu_769_1.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 2 120543-14 File : nvt/gb_solaris_120543_14.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 2 120544-14 File : nvt/gb_solaris_120544_14.nasl |
| 2009-05-11 | Name : Debian Security Advisory DSA 1789-1 (php5) File : nvt/deb_1789_1.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache with PHP HPSBUX02342 File : nvt/gb_hp_ux_HPSBUX02342.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache HPSBUX02365 File : nvt/gb_hp_ux_HPSBUX02365.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache Web Server Suite HPSBUX02401 File : nvt/gb_hp_ux_HPSBUX02401.nasl |
| 2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0337 File : nvt/RHSA_2009_0337.nasl |
| 2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0338 File : nvt/RHSA_2009_0338.nasl |
| 2009-04-15 | Name : RedHat Security Advisory RHSA-2009:0350 File : nvt/RHSA_2009_0350.nasl |
| 2009-04-15 | Name : CentOS Security Advisory CESA-2009:0337 (php) File : nvt/ovcesa2009_0337.nasl |
| 2009-04-15 | Name : CentOS Security Advisory CESA-2009:0338 (php) File : nvt/ovcesa2009_0338.nasl |
| 2009-04-09 | Name : Mandriva Update for apache MDKSA-2007:235 (apache) File : nvt/gb_mandriva_MDKSA_2007_235.nasl |
| 2009-04-09 | Name : Mandriva Update for apache MDVSA-2008:016 (apache) File : nvt/gb_mandriva_MDVSA_2008_016.nasl |
| 2009-04-09 | Name : Mandriva Update for php MDVSA-2008:126 (php) File : nvt/gb_mandriva_MDVSA_2008_126.nasl |
| 2009-04-09 | Name : Mandriva Update for php MDVSA-2008:127 (php) File : nvt/gb_mandriva_MDVSA_2008_127.nasl |
| 2009-04-09 | Name : Mandriva Update for php MDVSA-2008:128 (php) File : nvt/gb_mandriva_MDVSA_2008_128.nasl |
| 2009-04-09 | Name : Mandriva Update for pcre MDVSA-2008:147 (pcre) File : nvt/gb_mandriva_MDVSA_2008_147.nasl |
| 2009-04-09 | Name : Mandriva Update for apache MDVSA-2008:195 (apache) File : nvt/gb_mandriva_MDVSA_2008_195.nasl |
| 2009-04-06 | Name : SuSE Security Summary SUSE-SR:2009:008 File : nvt/suse_sr_2009_008.nasl |
| 2009-03-31 | Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl |
| 2009-03-23 | Name : Ubuntu Update for apache2 vulnerabilities USN-575-1 File : nvt/gb_ubuntu_USN_575_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for pcre3 vulnerability USN-624-1 File : nvt/gb_ubuntu_USN_624_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-628-1 File : nvt/gb_ubuntu_USN_628_1.nasl |
| 2009-03-20 | Name : FreeBSD Ports: php4-mbstring File : nvt/freebsd_php4-mbstring.nasl |
| 2009-03-13 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache14.nasl |
| 2009-03-13 | Name : SuSE Security Summary SUSE-SR:2009:006 File : nvt/suse_sr_2009_006.nasl |
| 2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
| 2009-03-07 | Name : Mandrake Security Advisory MDVSA-2009:065 (php4) File : nvt/mdksa_2009_065.nasl |
| 2009-03-07 | Name : Ubuntu USN-726-1 (curl) File : nvt/ubuntu_726_1.nasl |
| 2009-03-07 | Name : Ubuntu USN-726-2 (curl) File : nvt/ubuntu_726_2.nasl |
| 2009-03-07 | Name : Ubuntu USN-727-1 (network-manager-applet) File : nvt/ubuntu_727_1.nasl |
| 2009-03-07 | Name : Ubuntu USN-727-2 (network-manager) File : nvt/ubuntu_727_2.nasl |
| 2009-03-06 | Name : RedHat Update for apache RHSA-2008:0004-01 File : nvt/gb_RHSA-2008_0004-01_apache.nasl |
| 2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0005-01 File : nvt/gb_RHSA-2008_0005-01_httpd.nasl |
| 2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0006-01 File : nvt/gb_RHSA-2008_0006-01_httpd.nasl |
| 2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0008-01 File : nvt/gb_RHSA-2008_0008-01_httpd.nasl |
| 2009-03-06 | Name : RedHat Update for httpd RHSA-2008:0967-01 File : nvt/gb_RHSA-2008_0967-01_httpd.nasl |
| 2009-02-27 | Name : CentOS Update for apache CESA-2008:0004-01 centos2 i386 File : nvt/gb_CESA-2008_0004-01_apache_centos2_i386.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0005 centos3 i386 File : nvt/gb_CESA-2008_0005_httpd_centos3_i386.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0005 centos3 x86_64 File : nvt/gb_CESA-2008_0005_httpd_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0006 centos4 i386 File : nvt/gb_CESA-2008_0006_httpd_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0006 centos4 x86_64 File : nvt/gb_CESA-2008_0006_httpd_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos3 i386 File : nvt/gb_CESA-2008_0967_httpd_centos3_i386.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos3 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos4 i386 File : nvt/gb_CESA-2008_0967_httpd_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for httpd CESA-2008:0967 centos4 x86_64 File : nvt/gb_CESA-2008_0967_httpd_centos4_x86_64.nasl |
| 2009-02-27 | Name : Fedora Update for httpd FEDORA-2007-2214 File : nvt/gb_fedora_2007_2214_httpd_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for httpd FEDORA-2007-707 File : nvt/gb_fedora_2007_707_httpd_fc6.nasl |
| 2009-02-23 | Name : Mandrake Security Advisory MDVSA-2009:045 (php) File : nvt/mdksa_2009_045.nasl |
| 2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
| 2009-02-17 | Name : Fedora Update for php FEDORA-2008-3606 File : nvt/gb_fedora_2008_3606_php_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for php FEDORA-2008-3864 File : nvt/gb_fedora_2008_3864_php_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for glib2 FEDORA-2008-6025 File : nvt/gb_fedora_2008_6025_glib2_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for glib2 FEDORA-2008-6048 File : nvt/gb_fedora_2008_6048_glib2_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6110 File : nvt/gb_fedora_2008_6110_pcre_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for pcre FEDORA-2008-6111 File : nvt/gb_fedora_2008_6111_pcre_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for httpd FEDORA-2008-6314 File : nvt/gb_fedora_2008_6314_httpd_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for httpd FEDORA-2008-6393 File : nvt/gb_fedora_2008_6393_httpd_fc9.nasl |
| 2009-02-16 | Name : Fedora Update for httpd FEDORA-2008-1695 File : nvt/gb_fedora_2008_1695_httpd_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for httpd FEDORA-2008-1711 File : nvt/gb_fedora_2008_1711_httpd_fc7.nasl |
| 2009-01-28 | Name : SuSE Update for apache2 SUSE-SA:2007:061 File : nvt/gb_suse_2007_061.nasl |
| 2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:021 (php) File : nvt/mdksa_2009_021.nasl |
| 2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:022 (php) File : nvt/mdksa_2009_022.nasl |
| 2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:023 (php) File : nvt/mdksa_2009_023.nasl |
| 2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:024 (php4) File : nvt/mdksa_2009_024.nasl |
| 2009-01-23 | Name : SuSE Update for apache2,apache SUSE-SA:2008:021 File : nvt/gb_suse_2008_021.nasl |
| 2009-01-07 | Name : FreeBSD Ports: php5-gd File : nvt/freebsd_php5-gd.nasl |
| 2008-12-31 | Name : PHP 'imageRotate()' Memory Information Disclosure Vulnerability File : nvt/secpod_php_imagerotate_info_disc_vuln.nasl |
| 2008-12-31 | Name : Heap-based buffer overflow in 'mbstring' extension for PHP File : nvt/secpod_php_mbstring_ext_bof_vuln.nasl |
| 2008-12-26 | Name : PHP Security Bypass and File Writing Vulnerability - Dec08 File : nvt/secpod_php_sec_bypass_n_file_write_vuln_900184.nasl |
| 2008-12-10 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php54.nasl |
| 2008-11-19 | Name : Gentoo Security Advisory GLSA 200811-05 (php) File : nvt/glsa_200811_05.nasl |
| 2008-10-09 | Name : Debian Security Advisory DSA 1647-1 (php5) File : nvt/deb_1647_1.nasl |
| 2008-10-07 | Name : Multiple Vulnerabilities in PHP August-08 File : nvt/gb_php_mult_vuln_aug08.nasl |
| 2008-09-25 | Name : IBM HTTP Server mod_proxy Interim Responses DoS Vulnerability File : nvt/secpod_ibmhttpserver_mod_proxy_dos_900222.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-06 (apache) File : nvt/glsa_200711_06.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-19 (apache) File : nvt/glsa_200803_19.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-03 (libpcre glib) File : nvt/glsa_200807_03.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-06 (apache) File : nvt/glsa_200807_06.nasl |
| 2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache13.nasl |
| 2008-09-04 | Name : FreeBSD Ports: php5-posix File : nvt/freebsd_php5-posix.nasl |
| 2008-08-22 | Name : Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability File : nvt/secpod_apache_mod_proxy_ftp_xss_vuln_900107.nasl |
| 2008-07-15 | Name : Debian Security Advisory DSA 1602-1 (pcre3) File : nvt/deb_1602_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1167-1 (apache) File : nvt/deb_1167_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-045-01 httpd File : nvt/esoft_slk_ssa_2008_045_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-128-01 php File : nvt/esoft_slk_ssa_2008_128_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-210-09 pcre File : nvt/esoft_slk_ssa_2008_210_09.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-339-01 php File : nvt/esoft_slk_ssa_2008_339_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-098-02 php File : nvt/esoft_slk_ssa_2009_098_02.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 52207 | PHP SAPI php_getuid() Function Security Restriction Bypass |
| 52205 | PHP error_log php_admin_flag Safe Mode Bypass |
| 51477 | PHP mbstring Extension ext/mbstring/libmbfl/filters/mbfilter_htmlent.c Multip... |
| 51031 | PHP imageRotate Function Indexed Image Crafted Argument Arbitrary Memory Access |
| 50480 | PHP ZipArchive::extractTo() ZIP File Traversal Arbitrary File Overwrite |
| 47798 | PHP ext/gd/gd.c imageloadfont Function Crafted Font File Handling Overflow |
| 47797 | PHP memnstr Function explode Function delimiter Argument Overflow DoS |
| 47796 | PHP FastCGI Module Extension Malformed Request Handling Remote DoS |
| 47474 | Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS |
| 46690 | Perl-Compatible Regular Expression (PCRE) pcre_compile.c Crafted Pattern Hand... |
| 46641 | PHP php_imap.c Obsolete API Crafted IMAP Request Overflow DoS |
| 46639 | PHP ftok Function http URL Argument safe_mode Restriction Bypass |
| 46638 | PHP chdir Function http URL Argument safe_mode Restriction Bypass |
| 46584 | PHP posix_access Function HTTP URL Traversal safe_mode Restriction Bypass |
| 46085 | Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interi... |
| 45420 | Apache HTTP Server 403 Error Page UTF-7 Encoded XSS |
| 44906 | PHP cgi_main.c PATH_TRANSLATED Length Calculation Unspecified Issue |
| 42214 | Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS |
| 39003 | Apache HTTP Server HTTP Method Header Request Entity Too Large XSS |
| 38636 | Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS |
| 27488 | IBM HTTP Server Expect Header XSS |
| 27487 | Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Multiple Products IFRAME src javascript code execution RuleID : 3679 - Revision : 18 - Type : INDICATOR-OBFUSCATION |
| 2014-01-10 | Apache 413 error HTTP request method cross-site scripting attack RuleID : 16611 - Revision : 7 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL6669.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL9761.nasl - Type : ACT_GATHER_INFO |
| 2013-08-11 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0619.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0005.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0006.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0008.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0337.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0338.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0618.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080115_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090406_php_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The web server running on the remote host has a cross-site scripting vulnerab... File : apache_utf7_xss.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6847.nasl - Type : ACT_GATHER_INFO |
| 2010-04-27 | Name : The remote web server has multiple vulnerabilities. File : hpsmh_6_0_0_95.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-2.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1940.nasl - Type : ACT_GATHER_INFO |
| 2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO |
| 2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO |
| 2010-02-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_apache2-mod_php5-100215.nasl - Type : ACT_GATHER_INFO |
| 2010-02-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-100212.nasl - Type : ACT_GATHER_INFO |
| 2010-02-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6846.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0338.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12124.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12125.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12258.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12382.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php5-090319.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-6035.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5580.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5909.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-6069.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-080925.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-080820.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-081114.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-090114.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_apache2-mod_php5-090312.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_pcre-080623.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-mod_php5-090119.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_apache2-mod_php5-090312.nasl - Type : ACT_GATHER_INFO |
| 2009-06-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3768.nasl - Type : ACT_GATHER_INFO |
| 2009-06-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3848.nasl - Type : ACT_GATHER_INFO |
| 2009-06-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-124.nasl - Type : ACT_GATHER_INFO |
| 2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
| 2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
| 2009-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1789.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-016.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-127.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-128.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-147.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-195.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-021.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-022.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-045.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-720-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-731-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-098-02.nasl - Type : ACT_GATHER_INFO |
| 2009-04-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0337.nasl - Type : ACT_GATHER_INFO |
| 2009-04-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0337.nasl - Type : ACT_GATHER_INFO |
| 2009-04-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0338.nasl - Type : ACT_GATHER_INFO |
| 2009-04-03 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-6068.nasl - Type : ACT_GATHER_INFO |
| 2009-03-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a2074ac6124c11dea9640030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-03-13 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-6054.nasl - Type : ACT_GATHER_INFO |
| 2009-03-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f18920660e7411de92de000bcdc1757a.nasl - Type : ACT_GATHER_INFO |
| 2009-02-27 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_9.nasl - Type : ACT_GATHER_INFO |
| 2009-02-06 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5934.nasl - Type : ACT_GATHER_INFO |
| 2009-02-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_58a3c266db0111ddae30001cc0377035.nasl - Type : ACT_GATHER_INFO |
| 2008-12-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_27d01223c45711dda7210030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2008-12-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-339-01.nasl - Type : ACT_GATHER_INFO |
| 2008-12-05 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_2_7.nasl - Type : ACT_GATHER_INFO |
| 2008-12-02 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5787.nasl - Type : ACT_GATHER_INFO |
| 2008-11-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200811-05.nasl - Type : ACT_GATHER_INFO |
| 2008-11-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5767.nasl - Type : ACT_GATHER_INFO |
| 2008-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0967.nasl - Type : ACT_GATHER_INFO |
| 2008-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5628.nasl - Type : ACT_GATHER_INFO |
| 2008-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5629.nasl - Type : ACT_GATHER_INFO |
| 2008-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5648.nasl - Type : ACT_GATHER_INFO |
| 2008-10-16 | Name : The remote web server is vulnerable to a cross-site scripting attack. File : apache_mod_proxy_ftp_glob_xss.nasl - Type : ACT_ATTACK |
| 2008-10-16 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5661.nasl - Type : ACT_GATHER_INFO |
| 2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
| 2008-10-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1647.nasl - Type : ACT_GATHER_INFO |
| 2008-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-5546.nasl - Type : ACT_GATHER_INFO |
| 2008-09-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ee6fa2bd406a11dd936a0015af872849.nasl - Type : ACT_GATHER_INFO |
| 2008-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6314.nasl - Type : ACT_GATHER_INFO |
| 2008-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6393.nasl - Type : ACT_GATHER_INFO |
| 2008-08-08 | Name : The remote web server uses a version of PHP that is affected by multiple issues. File : php_4_4_9.nasl - Type : ACT_GATHER_INFO |
| 2008-08-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO |
| 2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-09.nasl - Type : ACT_GATHER_INFO |
| 2008-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO |
| 2008-07-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-624-1.nasl - Type : ACT_GATHER_INFO |
| 2008-07-11 | Name : The remote web server may be affected by several issues. File : apache_2_2_9.nasl - Type : ACT_GATHER_INFO |
| 2008-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-03.nasl - Type : ACT_GATHER_INFO |
| 2008-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-06.nasl - Type : ACT_GATHER_INFO |
| 2008-07-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1602.nasl - Type : ACT_GATHER_INFO |
| 2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6025.nasl - Type : ACT_GATHER_INFO |
| 2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6048.nasl - Type : ACT_GATHER_INFO |
| 2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6110.nasl - Type : ACT_GATHER_INFO |
| 2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6111.nasl - Type : ACT_GATHER_INFO |
| 2008-07-08 | Name : The remote openSUSE host is missing a security update. File : suse_pcre-5366.nasl - Type : ACT_GATHER_INFO |
| 2008-06-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-5345.nasl - Type : ACT_GATHER_INFO |
| 2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3606.nasl - Type : ACT_GATHER_INFO |
| 2008-06-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO |
| 2008-06-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c84dc9ad41f711dda4f900163e000016.nasl - Type : ACT_GATHER_INFO |
| 2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO |
| 2008-05-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO |
| 2008-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-128-01.nasl - Type : ACT_GATHER_INFO |
| 2008-05-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_6.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5125.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5126.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-5127.nasl - Type : ACT_GATHER_INFO |
| 2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-5128.nasl - Type : ACT_GATHER_INFO |
| 2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
| 2008-03-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-19.nasl - Type : ACT_GATHER_INFO |
| 2008-03-07 | Name : The remote web server may be affected by several issues. File : apache_1_3_41.nasl - Type : ACT_GATHER_INFO |
| 2008-03-07 | Name : The remote web server is affected by multiple cross-site scripting vulnerabil... File : apache_2_0_63.nasl - Type : ACT_GATHER_INFO |
| 2008-02-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_8.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-045-01.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1695.nasl - Type : ACT_GATHER_INFO |
| 2008-02-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1711.nasl - Type : ACT_GATHER_INFO |
| 2008-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-575-1.nasl - Type : ACT_GATHER_INFO |
| 2008-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO |
| 2008-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO |
| 2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0004.nasl - Type : ACT_GATHER_INFO |
| 2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO |
| 2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO |
| 2008-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-4669.nasl - Type : ACT_GATHER_INFO |
| 2007-12-04 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-235.nasl - Type : ACT_GATHER_INFO |
| 2007-11-20 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-4666.nasl - Type : ACT_GATHER_INFO |
| 2007-11-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-06.nasl - Type : ACT_GATHER_INFO |
| 2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2214.nasl - Type : ACT_GATHER_INFO |
| 2007-09-25 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-707.nasl - Type : ACT_GATHER_INFO |
| 2007-09-14 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_2_6.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_051.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1167.nasl - Type : ACT_GATHER_INFO |
| 2006-08-23 | Name : The remote web server is vulnerable to a cross-site scripting attack. File : www_expect_xss.nasl - Type : ACT_ATTACK |
| 2006-08-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0619.nasl - Type : ACT_GATHER_INFO |
| 2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0619.nasl - Type : ACT_GATHER_INFO |
| 2006-08-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0618.nasl - Type : ACT_GATHER_INFO |
