Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title php security update
Informations
Name RHSA-2010:0919 First vendor Publication 2010-11-29
Vendor RedHat Last vendor Modification 2010-11-29
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to generate session identifiers by default. This update changes the function's implementation to use more entropy during seeding. (CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the length of the pattern argument. A remote attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC extension. A malicious XML-RPC client or server could use this flaw to crash the PHP interpreter via a specially-crafted XML-RPC request. (CVE-2010-0397)

All php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

573779 - CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension 577582 - CVE-2010-1128 php: LCG entropy weakness 617232 - CVE-2010-1917 php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021) 617673 - CVE-2010-2531 php: information leak vulnerability in var_export() 619030 - CVE-2010-3065 php: session serializer session data injection vulnerability (MOPS-2010-060) 649056 - CVE-2010-3870 php: XSS mitigation bypass via utf8_decode() 652836 - CVE-2009-5016 php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0919.html

CWE : Common Weakness Enumeration

% Id Name
17 % CWE-399 Resource Management Errors
17 % CWE-310 Cryptographic Issues
17 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-200 Information Exposure
17 % CWE-189 Numeric Errors (CWE/SANS Top 25)
17 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12483
 
Oval ID: oval:org.mitre.oval:def:12483
Title: DSA-2089-1 php5 -- several
Description: Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1917 The fnmatch function can be abused to conduct denial of service attacks by the means of a stack overflow. CVE-2010-2225 The SplObjectStorage unserializer allows attackers to execute arbitrary code via serialized data by the means of a use-after-free vulnerability. MOPS-60 The default sessions serializer does not correctly handle a special marker, which allows an attacker to inject arbitrary variables into the session and possibly exploit vulnerabilities in the unserializer. For the vulnerability described by CVE-2010-1128 we do not consider upstream's solution to be sufficient. It is recommended to uncomment the "session.entropy_file" and "session.entropy_length" settings in the php.ini files. Further improvements can be achieved by setting "session.hash_function" to 1 and incrementing the value of "session.entropy_length." For the stable distribution, these problems have been fixed in version 5.2.6.dfsg.1-1+lenny9. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your php5 packages.
Family: unix Class: patch
Reference(s): DSA-2089-1
CVE-2010-1917
CVE-2010-2225
CVE-2010-3065
CVE-2010-1128
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12706
 
Oval ID: oval:org.mitre.oval:def:12706
Title: USN-989-1 -- php5 vulnerabilities
Description: Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that the pseudorandom number generator in PHP did not provide the expected entropy. An attacker could exploit this issue to predict values that were intended to be random, such as session cookies. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that PHP did not properly handle directory pathnames that lacked a trailing slash character. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. Grzegorz Stachowiak discovered that the PHP session extension did not properly handle semicolon characters. An attacker could exploit this issue to bypass safe_mode restrictions. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. Stefan Esser discovered that PHP incorrectly decoded remote HTTP chunked encoding streams. An attacker could exploit this issue to cause the PHP server to crash and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 10.04 LTS. Mateusz Kocielski discovered that certain PHP SQLite functions incorrectly handled empty SQL queries. An attacker could exploit this issue to possibly execute arbitrary code with application privileges. Mateusz Kocielski discovered that PHP incorrectly handled certain arguments to the fnmatch function. An attacker could exploit this flaw and cause the PHP server to consume all available stack memory, resulting in a denial of service. Stefan Esser discovered that PHP incorrectly handled certain strings in the phar extension. An attacker could exploit this flaw to possibly view sensitive information. This issue only affected Ubuntu 10.04 LTS. Stefan Esser discovered that PHP incorrectly handled deserialization of SPLObjectStorage objects. A remote attacker could exploit this issue to view sensitive information and possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 8.04 LTS, 9.04, 9.10 and 10.04 LTS. It was discovered that PHP incorrectly filtered error messages when limits for memory, execution time, or recursion were exceeded. A remote attacker could exploit this issue to possibly view sensitive information. Stefan Esser discovered that the PHP session serializer incorrectly handled the PS_UNDEF_MARKER marker. An attacker could exploit this issue to alter arbitrary session variables
Family: unix Class: patch
Reference(s): USN-989-1
CVE-2010-0397
CVE-2010-1128
CVE-2010-1129
CVE-2010-1130
CVE-2010-1866
CVE-2010-1868
CVE-2010-1917
CVE-2010-2094
CVE-2010-2950
CVE-2010-2225
CVE-2010-2531
CVE-2010-3065
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13404
 
Oval ID: oval:org.mitre.oval:def:13404
Title: DSA-2018-1 php5 -- DoS (crash)
Description: Auke van Slooten discovered that PHP 5, an hypertext preprocessor, crashes when processing invalid XML-RPC requests. For the stable distribution, this problem has been fixed in version 5.2.6.dfsg.1-1+lenny8. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 5.3.2-1. We recommend that you upgrade your php5 packages.
Family: unix Class: patch
Reference(s): DSA-2018-1
CVE-2010-0397
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22022
 
Oval ID: oval:org.mitre.oval:def:22022
Title: RHSA-2010:0919: php security update (Moderate)
Description: The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Family: unix Class: patch
Reference(s): RHSA-2010:0919-01
CESA-2010:0919
CVE-2009-5016
CVE-2010-0397
CVE-2010-1128
CVE-2010-1917
CVE-2010-2531
CVE-2010-3065
CVE-2010-3870
Version: 94
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23101
 
Oval ID: oval:org.mitre.oval:def:23101
Title: ELSA-2010:0919: php security update (Moderate)
Description: The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Family: unix Class: patch
Reference(s): ELSA-2010:0919-01
CVE-2009-5016
CVE-2010-0397
CVE-2010-1128
CVE-2010-1917
CVE-2010-2531
CVE-2010-3065
CVE-2010-3870
Version: 33
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6994
 
Oval ID: oval:org.mitre.oval:def:6994
Title: DSA-2018 php5 -- DoS (crash)
Description: Auke van Slooten discovered that PHP 5, an hypertext preprocessor, crashes when processing invalid XML-RPC requests.
Family: unix Class: patch
Reference(s): DSA-2018
CVE-2010-0397
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): php5
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 364
Os 5
Os 2

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.3.4
File : nvt/nopsec_php_5_3_4.nasl
2012-06-21 Name : PHP version smaller than 5.3.3
File : nvt/nopsec_php_5_3_3.nasl
2012-06-21 Name : PHP version smaller than 5.3.1
File : nvt/nopsec_php_5_3_1.nasl
2012-06-21 Name : PHP version smaller than 5.2.14
File : nvt/nopsec_php_5_2_14.nasl
2012-06-21 Name : PHP version smaller than 5.2.11
File : nvt/nopsec_php_5_2_11.nasl
2012-06-05 Name : RedHat Update for php RHSA-2011:0195-01
File : nvt/gb_RHSA-2011_0195-01_php.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-06 (php)
File : nvt/glsa_201110_06.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-26 Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2011-08-09 Name : CentOS Update for php CESA-2010:0919 centos5 i386
File : nvt/gb_CESA-2010_0919_php_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2262-2 (php5)
File : nvt/deb_2262_2.nasl
2011-08-03 Name : Debian Security Advisory DSA 2266-1 (php5)
File : nvt/deb_2266_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2195-1 (php5)
File : nvt/deb_2195_1.nasl
2011-01-14 Name : Ubuntu Update for php5 vulnerabilities USN-1042-1
File : nvt/gb_ubuntu_USN_1042_1.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_php_fc13.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-19011
File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl
2011-01-11 Name : Fedora Update for php FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php_fc14.nasl
2011-01-11 Name : Fedora Update for php-eaccelerator FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl
2011-01-11 Name : Fedora Update for maniadrive FEDORA-2010-18976
File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl
2010-12-28 Name : Mandriva Update for php MDVSA-2010:254 (php)
File : nvt/gb_mandriva_MDVSA_2010_254.nasl
2010-12-09 Name : RedHat Update for php RHSA-2010:0919-01
File : nvt/gb_RHSA-2010_0919-01_php.nasl
2010-12-09 Name : CentOS Update for php CESA-2010:0919 centos4 i386
File : nvt/gb_CESA-2010_0919_php_centos4_i386.nasl
2010-11-16 Name : Mandriva Update for php MDVSA-2010:224 (php)
File : nvt/gb_mandriva_MDVSA_2010_224.nasl
2010-11-10 Name : PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
File : nvt/gb_php_44605.nasl
2010-09-22 Name : Ubuntu Update for php5 vulnerabilities USN-989-1
File : nvt/gb_ubuntu_USN_989_1.nasl
2010-08-30 Name : Fedora Update for php FEDORA-2010-11428
File : nvt/gb_fedora_2010_11428_php_fc12.nasl
2010-08-30 Name : Fedora Update for maniadrive FEDORA-2010-11428
File : nvt/gb_fedora_2010_11428_maniadrive_fc12.nasl
2010-08-30 Name : Fedora Update for php FEDORA-2010-11481
File : nvt/gb_fedora_2010_11481_php_fc13.nasl
2010-08-30 Name : Fedora Update for php-eaccelerator FEDORA-2010-11481
File : nvt/gb_fedora_2010_11481_php-eaccelerator_fc13.nasl
2010-08-30 Name : Fedora Update for maniadrive FEDORA-2010-11481
File : nvt/gb_fedora_2010_11481_maniadrive_fc13.nasl
2010-08-30 Name : Fedora Update for php-eaccelerator FEDORA-2010-11428
File : nvt/gb_fedora_2010_11428_php-eaccelerator_fc12.nasl
2010-08-02 Name : PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities
File : nvt/gb_php_41991.nasl
2010-07-30 Name : Mandriva Update for php MDVSA-2010:140 (php)
File : nvt/gb_mandriva_MDVSA_2010_140.nasl
2010-07-30 Name : Mandriva Update for php MDVSA-2010:139 (php)
File : nvt/gb_mandriva_MDVSA_2010_139.nasl
2010-03-31 Name : Mandriva Update for php MDVSA-2010:068 (php)
File : nvt/gb_mandriva_MDVSA_2010_068.nasl
2010-03-15 Name : PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
File : nvt/gb_php_38708.nasl
2010-02-27 Name : PHP < 5.2.13 Multiple Vulnerabilities
File : nvt/php_5_2_13.nasl
2010-02-19 Name : Mandriva Update for drakconf MDVA-2010:068 (drakconf)
File : nvt/gb_mandriva_MDVA_2010_068.nasl
2010-02-15 Name : Mandriva Update for mandriva-release MDVA-2010:058 (mandriva-release)
File : nvt/gb_mandriva_MDVA_2010_058.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-240-04 php
File : nvt/esoft_slk_ssa_2010_240_04.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69230 PHP utf8_decode Function UTF-8 Encoding / Data Crafted String Protection Mech...

69227 PHP ext/xml/xml.c xml_utf8_decode Function UTF-8 Encoding Remote Overflow

66805 PHP var_export() Function Fata Error Information Disclosure

66798 PHP Prefix Character Session Variable Serialization Unspecified Issue

64607 PHP fnmatch Function Stack Exhaustion DoS

63323 PHP Linear Congruential Generator (LCG) uniqid Function Session Cookie Entrop...

63078 PHP xmlrpc Extension xmlrpc_decode_request Function methodName Element Handli...

Nessus® Vulnerability Scanner

Date Description
2014-11-28 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15885.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-100812.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0919.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0195.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101129_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110203_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-10-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2266.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-101110.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO
2011-04-22 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_6_3_0_22.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2195.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0195.nasl - Type : ACT_GATHER_INFO
2011-01-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO
2010-12-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-254.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_4.nasl - Type : ACT_GATHER_INFO
2010-12-03 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-101105.nasl - Type : ACT_GATHER_INFO
2010-12-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7221.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-100805.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0919.nasl - Type : ACT_GATHER_INFO
2010-11-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0919.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-224.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7110.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-100928.nasl - Type : ACT_GATHER_INFO
2010-09-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-989-1.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-100813.nasl - Type : ACT_GATHER_INFO
2010-08-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-240-04.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11428.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11481.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO
2010-08-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2089.nasl - Type : ACT_GATHER_INFO
2010-08-04 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_14.nasl - Type : ACT_GATHER_INFO
2010-08-04 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_3.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-139.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-140.nasl - Type : ACT_GATHER_INFO
2010-05-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-100506.nasl - Type : ACT_GATHER_INFO
2010-05-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_apache2-mod_php5-100507.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-068.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2018.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-058.nasl - Type : ACT_GATHER_INFO
2010-02-26 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_13.nasl - Type : ACT_GATHER_INFO
2009-11-20 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_1.nasl - Type : ACT_GATHER_INFO
2009-09-18 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_11.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:54:07
  • Multiple Updates