Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title PHP vulnerabilities
Informations
Name USN-549-1 First vendor Publication 2007-11-29
Vendor Ubuntu Last vendor Modification 2007-11-29
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
libapache2-mod-php5 5.1.2-1ubuntu3.10
php5-cgi 5.1.2-1ubuntu3.10
php5-cli 5.1.2-1ubuntu3.10

Ubuntu 6.10:
libapache2-mod-php5 5.1.6-1ubuntu2.7
php5-cgi 5.1.6-1ubuntu2.7
php5-cli 5.1.6-1ubuntu2.7

Ubuntu 7.04:
libapache2-mod-php5 5.2.1-0ubuntu1.5
php5-cgi 5.2.1-0ubuntu1.5
php5-cli 5.2.1-0ubuntu1.5

Ubuntu 7.10:
libapache2-mod-php5 5.2.3-1ubuntu6.1
php5-cgi 5.2.3-1ubuntu6.1
php5-cli 5.2.3-1ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998)

Integer overflows were discovered in the strspn and strcspn functions. Attackers could exploit this to read arbitrary areas of memory, possibly gaining access to sensitive information. (CVE-2007-4657)

Stanislav Malyshev discovered that money_format function did not correctly handle certain tokens. If a PHP application were tricked into processing a bad format string, a remote attacker could execute arbitrary code with application privileges. (CVE-2007-4658)

It was discovered that the php_openssl_make_REQ function did not correctly check buffer lengths. A remote attacker could send a specially crafted message and execute arbitrary code with application privileges. (CVE-2007-4662)

It was discovered that certain characters in session cookies were not handled correctly. A remote attacker could injection values which could lead to altered application behavior, potentially gaining additional privileges. (CVE-2007-3799)

Gerhard Wagner discovered that the chunk_split function did not correctly handle long strings. A remote attacker could exploit this to execute arbitrary code with application privileges. (CVE-2007-2872, CVE-2007-4660, CVE-2007-4661)

Stefan Esser discovered that deeply nested arrays could be made to fill stack space. A remote attacker could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-1285, CVE-2007-4670)

Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. (CVE-2007-5898)

It was discovered that the output_add_rewrite_var fucntion would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user's login credentials. (CVE-2007-5899)

Original Source

Url : http://www.ubuntu.com/usn/USN-549-1

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 XML Parser Attack

CWE : Common Weakness Enumeration

% Id Name
27 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18 % CWE-399 Resource Management Errors
18 % CWE-189 Numeric Errors (CWE/SANS Top 25)
18 % CWE-20 Improper Input Validation
9 % CWE-674 Uncontrolled Recursion
9 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10080
 
Oval ID: oval:org.mitre.oval:def:10080
Title: The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
Description: The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5898
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10363
 
Oval ID: oval:org.mitre.oval:def:10363
Title: The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
Description: The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4658
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10603
 
Oval ID: oval:org.mitre.oval:def:10603
Title: The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
Description: The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3998
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11017
 
Oval ID: oval:org.mitre.oval:def:11017
Title: The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Description: The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1285
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11028
 
Oval ID: oval:org.mitre.oval:def:11028
Title: Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Description: Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4670
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11211
 
Oval ID: oval:org.mitre.oval:def:11211
Title: The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Description: The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5899
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16967
 
Oval ID: oval:org.mitre.oval:def:16967
Title: USN-549-2 -- php5 regression
Description: USN-549-1 fixed vulnerabilities in PHP.
Family: unix Class: patch
Reference(s): USN-549-2
CVE-2007-3998
CVE-2007-4657
CVE-2007-4658
CVE-2007-4662
CVE-2007-3799
CVE-2007-2872
CVE-2007-4660
CVE-2007-4661
CVE-2007-1285
CVE-2007-4670
CVE-2007-5898
CVE-2007-5899
Version: 7
Platform(s): Ubuntu 7.10
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17624
 
Oval ID: oval:org.mitre.oval:def:17624
Title: USN-549-1 -- php5 vulnerabilities
Description: It was discovered that the wordwrap function did not correctly check lengths.
Family: unix Class: patch
Reference(s): USN-549-1
CVE-2007-3998
CVE-2007-4657
CVE-2007-4658
CVE-2007-4662
CVE-2007-3799
CVE-2007-2872
CVE-2007-4660
CVE-2007-4661
CVE-2007-1285
CVE-2007-4670
CVE-2007-5898
CVE-2007-5899
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22339
 
Oval ID: oval:org.mitre.oval:def:22339
Title: ELSA-2007:0890: php security update (Moderate)
Description: Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
Family: unix Class: patch
Reference(s): ELSA-2007:0890-03
CVE-2007-2756
CVE-2007-2872
CVE-2007-3799
CVE-2007-3996
CVE-2007-3998
CVE-2007-4658
CVE-2007-4670
Version: 33
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9424
 
Oval ID: oval:org.mitre.oval:def:9424
Title: Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Description: Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2872
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9792
 
Oval ID: oval:org.mitre.oval:def:9792
Title: The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
Description: The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3799
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 303
Os 4
Os 2
Os 2
Os 2
Os 3
Os 3
Os 2

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.2.5
File : nvt/nopsec_php_5_2_5.nasl
2012-06-21 Name : PHP version smaller than 5.2.4
File : nvt/nopsec_php_5_2_4.nasl
2012-06-21 Name : PHP version smaller than 5.2.3
File : nvt/nopsec_php_5_2_3.nasl
2012-06-21 Name : PHP version smaller than 4.4.8
File : nvt/nopsec_php_4_4_8.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5015662.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5015608.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5012110.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX02308
File : nvt/gb_hp_ux_HPSBUX02308.nasl
2009-05-05 Name : HP-UX Update for Apache With PHP HPSBUX02332
File : nvt/gb_hp_ux_HPSBUX02332.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX02262
File : nvt/gb_hp_ux_HPSBUX02262.nasl
2009-04-09 Name : Mandriva Update for php MDVSA-2008:127 (php)
File : nvt/gb_mandriva_MDVSA_2008_127.nasl
2009-04-09 Name : Mandriva Update for php MDVSA-2008:126 (php)
File : nvt/gb_mandriva_MDVSA_2008_126.nasl
2009-04-09 Name : Mandriva Update for php MDKSA-2007:187 (php)
File : nvt/gb_mandriva_MDKSA_2007_187.nasl
2009-04-09 Name : Mandriva Update for php MDKSA-2007:090 (php)
File : nvt/gb_mandriva_MDKSA_2007_090.nasl
2009-04-09 Name : Mandriva Update for php MDKSA-2007:089 (php)
File : nvt/gb_mandriva_MDKSA_2007_089.nasl
2009-03-23 Name : Ubuntu Update for php5 vulnerabilities USN-628-1
File : nvt/gb_ubuntu_USN_628_1.nasl
2009-03-23 Name : Ubuntu Update for php5 regression USN-549-2
File : nvt/gb_ubuntu_USN_549_2.nasl
2009-03-23 Name : Ubuntu Update for php5 vulnerabilities USN-549-1
File : nvt/gb_ubuntu_USN_549_1.nasl
2009-03-06 Name : RedHat Update for php RHSA-2008:0546-01
File : nvt/gb_RHSA-2008_0546-01_php.nasl
2009-03-06 Name : RedHat Update for php RHSA-2008:0544-01
File : nvt/gb_RHSA-2008_0544-01_php.nasl
2009-03-06 Name : RedHat Update for php RHSA-2008:0545-01
File : nvt/gb_RHSA-2008_0545-01_php.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-415
File : nvt/gb_fedora_2007_415_php_fc6.nasl
2009-02-27 Name : CentOS Update for php CESA-2008:0544 centos3 i386
File : nvt/gb_CESA-2008_0544_php_centos3_i386.nasl
2009-02-27 Name : CentOS Update for php CESA-2008:0544 centos3 x86_64
File : nvt/gb_CESA-2008_0544_php_centos3_x86_64.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-2215
File : nvt/gb_fedora_2007_2215_php_fc7.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-455
File : nvt/gb_fedora_2007_455_php_fc5.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-526
File : nvt/gb_fedora_2007_526_php_fc5.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-709
File : nvt/gb_fedora_2007_709_php_fc6.nasl
2009-02-27 Name : CentOS Update for php CESA-2008:0546-01 centos2 i386
File : nvt/gb_CESA-2008_0546-01_php_centos2_i386.nasl
2009-02-17 Name : Fedora Update for php FEDORA-2008-3606
File : nvt/gb_fedora_2008_3606_php_fc9.nasl
2009-02-17 Name : Fedora Update for php FEDORA-2008-3864
File : nvt/gb_fedora_2008_3864_php_fc8.nasl
2009-01-23 Name : SuSE Update for php4, php5 SUSE-SA:2008:004
File : nvt/gb_suse_2008_004.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-19 (php)
File : nvt/glsa_200705_19.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200710-02 (php)
File : nvt/glsa_200710_02.nasl
2008-09-04 Name : FreeBSD Ports: php5
File : nvt/freebsd_php51.nasl
2008-05-27 Name : Debian Security Advisory DSA 1578-1 (php4)
File : nvt/deb_1578_1.nasl
2008-01-31 Name : Debian Security Advisory DSA 1444-2 (php5)
File : nvt/deb_1444_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1444-1 (php5)
File : nvt/deb_1444_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-152-01 php5
File : nvt/esoft_slk_ssa_2007_152_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-045-03 php
File : nvt/esoft_slk_ssa_2008_045_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58616 PHP string.c chunk_split Function Unspecified Overflow

45874 PHP chunk_split Function Unspecified Issue

38918 PHP output_add_rewrite_var Function Form Rewrite Information Disclosure

38683 PHP htmlentities/htmlspecialchars Partial Multibyte Sequence Weakness

36865 PHP money_format Function Unspecified Issue

36863 PHP Unspecified Issue (Zend Engine)

36862 PHP strcspn Function Overflow

36861 PHP strspn Function Overflow

36859 PHP php_openssl_make_REQ Function Overflow

36858 PHP wordwrap Function breakcharlen Variable DoS

36855 PHP ext/session session_start Function Cookie Manipulation

36083 PHP chunk_split Function Multiple Argument Overflows

32769 PHP Zend Engine Variable Destruction Deep Recursion Overflow

Zend Engine I in PHP 4.4.6 and lower, and Zend Engine II in PHP versions 5.2.1 and lower, contain flaws that may allow a remote denial of service. The issue is due to the application not enforcing sanity checks for the depth of nested arrays which allows a remote user to create very deeply nested array structures. Since the destruction of PHP arrays is done in a recursive way, the attempted destruction of the user's deeply nested array will result in a crash when the stack limit is exhausted, leading to a loss of availability for the service.

Nessus® Vulnerability Scanner

Date Description
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL7859.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080716_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080716_php_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11666.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12049.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-090.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-126.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-127.nasl - Type : ACT_GATHER_INFO
2008-07-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-628-1.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2008-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0546.nasl - Type : ACT_GATHER_INFO
2008-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0545.nasl - Type : ACT_GATHER_INFO
2008-07-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0544.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3864.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote Fedora host is missing a security update.
File : fedora_2008-3606.nasl - Type : ACT_GATHER_INFO
2008-05-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1578.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-02-18 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-045-03.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO
2008-01-08 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-4810.nasl - Type : ACT_GATHER_INFO
2008-01-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1444.nasl - Type : ACT_GATHER_INFO
2008-01-03 Name : The remote web server uses a version of PHP that is affected by multiple issues.
File : php_4_4_8.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-4808.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-3980.nasl - Type : ACT_GATHER_INFO
2007-12-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-549-2.nasl - Type : ACT_GATHER_INFO
2007-11-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-549-1.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_5.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO
2007-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0888.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-3979.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-3978.nasl - Type : ACT_GATHER_INFO
2007-10-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO
2007-10-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2007-09-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2007-09-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_4.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO
2007-06-02 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_3.nasl - Type : ACT_GATHER_INFO
2007-05-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO
2007-05-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0082.nasl - Type : ACT_GATHER_INFO
2007-05-04 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_4_4_7_or_5_2_2.nasl - Type : ACT_GATHER_INFO
2007-04-30 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-089.nasl - Type : ACT_GATHER_INFO
2007-04-30 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-455.nasl - Type : ACT_GATHER_INFO
2007-04-19 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-415.nasl - Type : ACT_GATHER_INFO
2007-04-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2007-04-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO
2007-04-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0154.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:04:47
  • Multiple Updates