Summary
Detail | |||
---|---|---|---|
Vendor | Php | First view | 2016-05-21 |
Product | Php | Last view | 2020-10-02 |
Version | 5.6.26 | Type | Application |
Update | - | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:php:php |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5.3 | 2020-10-02 | CVE-2020-7070 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. |
6.5 | 2020-10-02 | CVE-2020-7069 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. |
3.6 | 2020-09-09 | CVE-2020-7068 | In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. |
7.5 | 2020-09-03 | CVE-2020-11579 | An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. |
5.3 | 2020-05-20 | CVE-2019-11048 | In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. |
7.5 | 2020-04-27 | CVE-2020-7067 | In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. |
4.3 | 2020-04-01 | CVE-2020-7066 | In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. |
8.8 | 2020-04-01 | CVE-2020-7065 | In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. |
5.4 | 2020-04-01 | CVE-2020-7064 | In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. |
5.3 | 2020-02-27 | CVE-2020-7063 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. |
7.5 | 2020-02-27 | CVE-2020-7062 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. |
9.1 | 2020-02-27 | CVE-2020-7061 | In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash. |
9.1 | 2020-02-10 | CVE-2020-7060 | When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. |
9.1 | 2020-02-10 | CVE-2020-7059 | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. |
6.5 | 2019-12-23 | CVE-2019-11050 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
9.8 | 2019-12-23 | CVE-2019-11049 | In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. |
6.5 | 2019-12-23 | CVE-2019-11047 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
7.5 | 2019-12-23 | CVE-2019-11046 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. |
5.9 | 2019-12-23 | CVE-2019-11045 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. |
7.5 | 2019-12-23 | CVE-2019-11044 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. |
7.5 | 2019-11-25 | CVE-2019-19246 | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. |
9.8 | 2019-10-28 | CVE-2019-11043 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. |
7.1 | 2019-08-09 | CVE-2019-11042 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
7.1 | 2019-08-09 | CVE-2019-11041 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. |
7.5 | 2019-07-10 | CVE-2017-7189 | main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
31% (32) | CWE-125 | Out-of-bounds Read |
11% (12) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
6% (7) | CWE-476 | NULL Pointer Dereference |
6% (7) | CWE-190 | Integer Overflow or Wraparound |
5% (6) | CWE-787 | Out-of-bounds Write |
5% (6) | CWE-416 | Use After Free |
4% (5) | CWE-20 | Improper Input Validation |
3% (4) | CWE-200 | Information Exposure |
3% (4) | CWE-189 | Numeric Errors |
2% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (2) | CWE-502 | Deserialization of Untrusted Data |
1% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
0% (1) | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
0% (1) | CWE-681 | Incorrect Conversion between Numeric Types |
0% (1) | CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
0% (1) | CWE-415 | Double Free |
0% (1) | CWE-326 | Inadequate Encryption Strength |
0% (1) | CWE-284 | Access Control (Authorization) Issues |
0% (1) | CWE-281 | Improper Preservation of Permissions |
0% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
0% (1) | CWE-88 | Argument Injection or Modification |
0% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
SAINT Exploits
Description | Link |
---|---|
Horde Imp Unauthenticated Remote Command Execution | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2020-07-30 | PHP php_strip_tags_ex function out-of-bounds read attempt RuleID : 54406 - Type : SERVER-WEBAPP - Revision : 1 |
2020-07-30 | PHP php_strip_tags_ex function out-of-bounds read attempt RuleID : 54405 - Type : SERVER-WEBAPP - Revision : 1 |
2019-12-10 | PHP FPM env_path_info buffer underflow attempt RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1 |
2019-10-23 | PHP http fopen stack buffer overflow attempt RuleID : 51578 - Type : SERVER-WEBAPP - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file download attempt RuleID : 49673 - Type : SERVER-OTHER - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file upload attempt RuleID : 49672 - Type : SERVER-OTHER - Revision : 1 |
2018-12-11 | CVE PHP infinite loop from use of stream filter and convert.iconv file upload... RuleID : 48354 - Type : SERVER-WEBAPP - Revision : 2 |
2018-06-26 | PHP .phar cross site scripting attempt RuleID : 46808 - Type : SERVER-WEBAPP - Revision : 2 |
2017-07-18 | Oniguruma expression parser out of bounds write attempt RuleID : 43182 - Type : FILE-OTHER - Revision : 2 |
2017-07-18 | Oniguruma expression parser out of bounds write attempt RuleID : 43181 - Type : FILE-OTHER - Revision : 2 |
2017-03-28 | PHP Exception Handling remote denial of service attempt RuleID : 41690 - Type : SERVER-OTHER - Revision : 2 |
2017-03-28 | PHP Exception Handling remote denial of service attempt RuleID : 41689 - Type : SERVER-OTHER - Revision : 2 |
2017-02-23 | PHP ZipArchive getFromIndex and getFromName integer overflow attempt RuleID : 41384 - Type : SERVER-WEBAPP - Revision : 2 |
2017-02-23 | PHP ZipArchive getFromIndex and getFromName integer overflow attempt RuleID : 41383 - Type : SERVER-WEBAPP - Revision : 2 |
2016-07-28 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2 |
2016-08-31 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2 |
2014-01-10 | PHP uri tag injection attempt RuleID : 23111 - Type : POLICY-OTHER - Revision : 12 |
2014-01-10 | PHP function CRLF injection attempt RuleID : 12360 - Type : SERVER-WEBAPP - Revision : 11 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1147.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1aeac808ce.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-791c3cfe21.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7ebfe1e6f2.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b6072889db.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-dfe1f0bac6.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ee6707d519.nasl - Type: ACT_GATHER_INFO |
2018-12-17 | Name: The remote Debian host is missing a security update. File: debian_DLA-1608.nasl - Type: ACT_GATHER_INFO |
2018-12-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4353.nasl - Type: ACT_GATHER_INFO |
2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-01.nasl - Type: ACT_GATHER_INFO |
2018-10-26 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1325.nasl - Type: ACT_GATHER_INFO |
2018-10-19 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1090.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1309.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1310.nasl - Type: ACT_GATHER_INFO |
2018-09-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-25100b492c.nasl - Type: ACT_GATHER_INFO |
2018-09-20 | Name: The remote Debian host is missing a security update. File: debian_DLA-1509.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1249.nasl - Type: ACT_GATHER_INFO |
2018-09-04 | Name: The remote Debian host is missing a security update. File: debian_DLA-1490.nasl - Type: ACT_GATHER_INFO |
2018-08-24 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1066.nasl - Type: ACT_GATHER_INFO |
2018-08-24 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1067.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0029.nasl - Type: ACT_GATHER_INFO |
2018-08-10 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1224.nasl - Type: ACT_GATHER_INFO |
2018-07-06 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4240.nasl - Type: ACT_GATHER_INFO |
2018-07-03 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1217.nasl - Type: ACT_GATHER_INFO |