This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:php:php:4.3.9

Detail
Vendor: Php
Product: Php
Version: 4.3.9
Type: Application
First view: 2004-11-03
Last view: 2019-03-08
Edition:
Language:
Update:

CPE Product: cpe:/a:php:php

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS score | Date | Alert | Access Vector | Access Complexity | Authentication
7.5 | 2019-03-08 | CVE-2019-9641 | Network | Low | None Requ...
5 | 2019-03-08 | CVE-2019-9639 | Network | Low | None Requ...
5 | 2019-03-08 | CVE-2019-9638 | Network | Low | None Requ...
5 | 2019-03-08 | CVE-2019-9637 | Network | Low | None Requ...
5 | 2019-02-22 | CVE-2019-9024 | Network | Low | None Requ...
7.5 | 2019-02-22 | CVE-2019-9023 | Network | Low | None Requ...
7.5 | 2019-02-22 | CVE-2019-9021 | Network | Low | None Requ...
7.5 | 2019-02-22 | CVE-2019-9020 | Network | Low | None Requ...
5 | 2019-02-21 | CVE-2018-20783 | Network | Low | None Requ...
6.8 | 2019-01-26 | CVE-2019-6977 | Network | Medium | None Requ...
4.3 | 2018-09-16 | CVE-2018-17082 | Network | Medium | None Requ...
5 | 2018-08-07 | CVE-2018-15132 | Network | Low | None Requ...
5 | 2018-08-03 | CVE-2018-14883 | Network | Low | None Requ...
4.3 | 2018-08-02 | CVE-2018-14851 | Network | Medium | None Requ...
6.8 | 2018-04-29 | CVE-2018-10549 | Network | Medium | None Requ...
5 | 2018-04-29 | CVE-2018-10548 | Network | Low | None Requ...
4.3 | 2018-04-29 | CVE-2018-10547 | Network | Medium | None Requ...
5 | 2018-04-29 | CVE-2018-10546 | Network | Low | None Requ...
1.9 | 2018-04-29 | CVE-2018-10545 | Local | Medium | None Requ...
7.5 | 2018-03-01 | CVE-2018-7584 | Network | Low | None Requ...
5 | 2018-02-09 | CVE-2016-10712 | Network | Low | None Requ...
4.3 | 2018-01-16 | CVE-2018-5712 | Network | Medium | None Requ...
4.3 | 2018-01-16 | CVE-2018-5711 | Network | Medium | None Requ...
5 | 2017-11-07 | CVE-2017-16642 | Network | Low | None Requ...

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% | id | Name
23% (65) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (47) | CWE-20 | Improper Input Validation
11% (31) | CWE-189 | Numeric Errors
6% (19) | CWE-264 | Permissions, Privileges, and Access Controls
5% (15) | CWE-125 | Out-of-bounds Read
4% (13) | CWE-200 | Information Exposure
3% (11) | CWE-399 | Resource Management Errors
3% (10) | CWE-416 | Use After Free
3% (9) | CWE-190 | Integer Overflow or Wraparound
2% (7) | CWE-476 | NULL Pointer Dereference
2% (7) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (6) | CWE-787 | Out-of-bounds Write
2% (6) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (4) | CWE-59 | Improper Link Resolution Before File Access ('Link Following')
1% (3) | CWE-502 | Deserialization of Untrusted Data
1% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (3) | CWE-310 | Cryptographic Issues
1% (3) | CWE-19 | Data Handling
0% (2) | CWE-362 | Race Condition
0% (2) | CWE-284 | Access Control (Authorization) Issues
0% (2) | CWE-134 | Uncontrolled Format String
0% (2) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O...
0% (2) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection')
0% (1) | CWE-754 | Improper Check for Unusual or Exceptional Conditions
0% (1) | CWE-415 | Double Free

CAPEC : Common Attack Pattern Enumeration & Classification

id | Name
CAPEC-47 | Buffer Overflow via Parameter Expansion
CAPEC-59 | Session Credential Falsification through Prediction
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 | XML Parser Attack
CAPEC-100 | Overflow Buffers
CAPEC-112 | Brute Force
CAPEC-123 | Buffer Attacks
CAPEC-281 | Analytic Attacks

Oval Markup Language : Definitions

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
OvalID | Name
oval:org.mitre.oval:def:11032 | The exif_read_data function in the Exif module in PHP before 4.4.1 allows rem...
oval:org.mitre.oval:def:12016 | Security bypass vulnerability in the extract function in PHP before 5.2.15
oval:org.mitre.oval:def:11034 | PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled,...
oval:org.mitre.oval:def:12334 | Vulnerability in the Standard PHP Library (SPL) extension in PHP before 5.3.4
oval:org.mitre.oval:def:13989 | USN-1126-1 -- php5 vulnerabilities
oval:org.mitre.oval:def:13955 | USN-1126-2 -- php5 regressions
oval:org.mitre.oval:def:29107 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser...
oval:org.mitre.oval:def:19358 | HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Pri...
oval:org.mitre.oval:def:18140 | DSA-2465-1 php5 - several
oval:org.mitre.oval:def:21035 | RHSA-2013:1050: php53 security update (Critical)
oval:org.mitre.oval:def:20931 | RHSA-2013:1049: php security update (Critical)
oval:org.mitre.oval:def:18965 | DSA-2723-1 php5 - heap corruption
oval:org.mitre.oval:def:24124 | ELSA-2013:1049: php security update (Critical)
oval:org.mitre.oval:def:23414 | ELSA-2013:1050: php53 security update (Critical)
oval:org.mitre.oval:def:23370 | DEPRECATED: ELSA-2013:1049: php security update (Critical)
oval:org.mitre.oval:def:25866 | SUSE-SU-2013:1285-2 -- Security update for PHP5
oval:org.mitre.oval:def:25802 | SUSE-SU-2013:1317-1 -- Security update for PHP5
oval:org.mitre.oval:def:25747 | SUSE-SU-2013:1316-1 -- Security update for PHP5
oval:org.mitre.oval:def:25298 | SUSE-SU-2013:1285-1 -- Security update for PHP5
oval:org.mitre.oval:def:27533 | DEPRECATED: ELSA-2013-1050 -- php53 security update (critical)
oval:org.mitre.oval:def:27441 | DEPRECATED: ELSA-2013-1049 -- php security update (critical)
oval:org.mitre.oval:def:10897 | PHP before 5.2.3 allows context-dependent attackers to cause a denial of serv...
oval:org.mitre.oval:def:21114 | RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
oval:org.mitre.oval:def:18927 | USN-1937-1 -- php5 vulnerability
oval:org.mitre.oval:def:18760 | DSA-2742-1 php5 - interpretation conflict

SAINT Exploits

Description
PHP CGI Query String Parameters Command Execution

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
78115 | PHP Hash Collision Form Parameter Parsing Remote DoS
75200 | PHP *alloc Functions Argument Handling Arbitrary Value Injection Overflow
74742 | PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure
74739 | PHP error_log Function Unspecified DoS
74738 | PHP crypt() Function Salt Argument Overflow
74728 | PHP extract() Function EXTR_OVERWRITE Parameter Variable Overwriting
74689 | PHP on Windows SPL Extension SplFileInfo::getType Function Symlink Arbitrary ...
74688 | PHP mt_rand Function max Parameter Overflow
74193 | PHP PCNTL Extension Concurrent Signal Saturation Race Condition Memory Corrup...
73755 | PHP OpenSSL Extension x Function openssl_decrypt Ciphertext Data Memory Leak DoS
73754 | PHP OpenSSL Extension openssl_encrypt Function Plaintext Data Memory Leak DoS
73626 | PHP Calendar Extension SdnToJulian Function Overflow DoS
73625 | PHP Intl Extension NumberFormatter::setSymbol Function Invalid Argument DoS
73624 | PHP Streams Component HTTP Proxy FTP Wrapper ftp:// URL DoS
73623 | PHP Zip Extension stream_get_contents Function ziparchive Stream Handling DoS
73622 | PHP Zip Extension zip_stream.c zip_fread Function Call Integer Signedness Err...
73218 | PHP substr_replace Function Repeated Argument Variable Memory Corruption
73113 | PHP main/rfc1867.c rfc1867_post_handler Function Traversal Upload File Path I...
72533 | PHP ZIP Extension zip_name_locate.c _zip_name_locate Function Malformed ZIP A...
72532 | PHP phar Extension phar_object.c Multiple Format Strings
72531 | PHP strval Function Numerical Argument Handling DoS
71598 | PHP ext/shmop/shmop.c shmop_read Function Overflow
71597 | PHP Exif Extension (exif.c) Image File Directory (IFD) Parsing DoS
70609 | PHP Iconv Extension iconv_mime_decode_headers Function Crafted Email Subject ...
70607 | PHP Zend Engine Multiple Method Object Reference Access Use-after-free DoS

ExploitDB Exploits

id | Description
30395 | PHP openssl_x509_parse() - Memory Corruption Vulnerability
29290 | Apache / PHP 5.x Remote Code Execution Exploit
25986 | Plesk Apache Zeroday Remote Exploit
18836 | PHP CGI Argument Injection Exploit
18834 | PHP CGI Argument Injection
18305 | PHP Hash Table Collision Proof Of Concept
18296 | PHP Hashtables Denial of Service
17004 | libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
16966 | PHP <= 5.3.6 shmop_read() Integer Overflow DoS
15722 | PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
11636 | Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0)
7646 | PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability
4392 | PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Name | File
2012-12-13 | SuSE Update for update openSUSE-SU-2012:0426-1 (update) | nvt/gb_suse_2012_0426_1.nasl
2012-12-13 | SuSE Update for update openSUSE-SU-2012:0590-1 (update) | nvt/gb_suse_2012_0590_1.nasl
2012-10-03 | Gentoo Security Advisory GLSA 201209-24 (PostgreSQL) | nvt/glsa_201209_24.nasl
2012-09-26 | Gentoo Security Advisory GLSA 201209-03 (php) | nvt/glsa_201209_03.nasl
2012-09-25 | Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) | nvt/gb_macosx_su12-004.nasl
2012-09-24 | PHP 'main/SAPI.c' HTTP Header Injection Vulnerability | nvt/gb_php_http_header_injection_vuln_win.nasl
2012-09-22 | Ubuntu Update for php5 USN-1569-1 | nvt/gb_ubuntu_USN_1569_1.nasl
2012-09-19 | FreeBSD Ports: php5-sqlite | nvt/freebsd_php5-sqlite.nasl
2012-09-19 | FreeBSD Ports: php5 | nvt/freebsd_php520.nasl
2012-09-10 | Slackware Advisory SSA:2011-210-01 libpng | nvt/esoft_slk_ssa_2011_210_01.nasl
2012-09-10 | Slackware Advisory SSA:2011-237-01 php | nvt/esoft_slk_ssa_2011_237_01.nasl
2012-09-10 | Slackware Advisory SSA:2012-204-01 php | nvt/esoft_slk_ssa_2012_204_01.nasl
2012-09-07 | FreeBSD Ports: php5 | nvt/freebsd_php519.nasl
2012-08-30 | Fedora Update for maniadrive FEDORA-2012-7628 | nvt/gb_fedora_2012_7628_maniadrive_fc17.nasl
2012-08-30 | Fedora Update for php FEDORA-2012-7628 | nvt/gb_fedora_2012_7628_php_fc17.nasl
2012-08-30 | Debian Security Advisory DSA 2527-1 (php5) | nvt/deb_2527_1.nasl
2012-08-30 | Fedora Update for maniadrive FEDORA-2012-10936 | nvt/gb_fedora_2012_10936_maniadrive_fc17.nasl
2012-08-30 | Fedora Update for php FEDORA-2012-10936 | nvt/gb_fedora_2012_10936_php_fc17.nasl
2012-08-30 | Fedora Update for postgresql FEDORA-2012-8924 | nvt/gb_fedora_2012_8924_postgresql_fc17.nasl
2012-08-30 | Fedora Update for postgresql FEDORA-2012-12156 | nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-08-30 | Fedora Update for postgresql FEDORA-2012-12165 | nvt/gb_fedora_2012_12165_postgresql_fc17.nasl
2012-08-30 | Fedora Update for maniadrive FEDORA-2012-9490 | nvt/gb_fedora_2012_9490_maniadrive_fc17.nasl
2012-08-30 | Fedora Update for php FEDORA-2012-9490 | nvt/gb_fedora_2012_9490_php_fc17.nasl
2012-08-30 | Fedora Update for maniadrive FEDORA-2012-6869 | nvt/gb_fedora_2012_6869_maniadrive_fc17.nasl
2012-08-30 | Fedora Update for php FEDORA-2012-6869 | nvt/gb_fedora_2012_6869_php_fc17.nasl

Information Assurance Vulnerability Management (IAVM)

id | Description | Severity | VMSKEY
2015-B-0108 | Multiple Vulnerabilities in PHP | Category I | V0061365
2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X | Category I | V0061337
2014-B-0086 | Multiple Vulnerabilities in PHP | Category I | V0052897
2014-B-0021 | Multiple Vulnerabilities in PHP | Category I | V0044541
2014-A-0030 | Apple Mac OS X Security Update 2014-001 | Category I | V0044547
2013-A-0179 | Apple Mac OS X Security Update 2013-004 | Category I | V0040373
2013-B-0093 | Multiple Vulnerabilities in PHP | Category I | V0040108

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Description | RuleID | Type | Revision
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file download attempt | 49673 | SERVER-OTHER | 1
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file upload attempt | 49672 | SERVER-OTHER | 1
2018-12-11 | CVE PHP infinite loop from use of stream filter and convert.iconv file upload... | 48354 | SERVER-WEBAPP | 2
2018-06-26 | PHP .phar cross site scripting attempt | 46808 | SERVER-WEBAPP | 2
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... | 44749 | SERVER-WEBAPP | 2
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... | 44748 | SERVER-WEBAPP | 2
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... | 44747 | SERVER-WEBAPP | 2
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... | 44746 | SERVER-WEBAPP | 2
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... | 44745 | SERVER-WEBAPP | 2
2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... | 44744 | SERVER-WEBAPP | 2
2017-10-24 | PHP form-based file upload DoS attempt | 44390 | SERVER-WEBAPP | 2
2017-09-19 | PHP malformed quoted printable denial of service attempt | 44001 | SERVER-WEBAPP | 2
2017-08-23 | PHP core unserialize use after free attempt | 43668 | SERVER-WEBAPP | 2
2017-07-18 | Oniguruma expression parser out of bounds write attempt | 43182 | FILE-OTHER | 2
2017-07-18 | Oniguruma expression parser out of bounds write attempt | 43181 | FILE-OTHER | 2
2017-02-23 | PHP ZipArchive getFromIndex and getFromName integer overflow attempt | 41384 | SERVER-WEBAPP | 2
2017-02-23 | PHP ZipArchive getFromIndex and getFromName integer overflow attempt | 41383 | SERVER-WEBAPP | 2
2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt | 40297 | FILE-IMAGE | 3
2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt | 40296 | FILE-IMAGE | 2
2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt | 40295 | FILE-IMAGE | 2
2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt | 40294 | FILE-IMAGE | 2
2016-10-20 | PHP exif_process_user_comment null pointer dereference attempt | 40248 | FILE-IMAGE | 3
2016-10-20 | PHP exif_process_user_comment null pointer dereference attempt | 40247 | FILE-IMAGE | 2
2016-10-20 | PHP exif_process_user_comment null pointer dereference attempt | 40246 | FILE-IMAGE | 3
2016-10-20 | PHP exif_process_user_comment null pointer dereference attempt | 40245 | FILE-IMAGE | 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date | Name | File | Type
2019-01-03 | The remote Fedora host is missing a security update. | fedora_2018-ee6707d519.nasl | ACT_GATHER_INFO
2019-01-03 | The remote Fedora host is missing a security update. | fedora_2018-b6072889db.nasl | ACT_GATHER_INFO
2019-01-03 | The remote Fedora host is missing a security update. | fedora_2018-1aeac808ce.nasl | ACT_GATHER_INFO
2019-01-03 | The remote Fedora host is missing a security update. | fedora_2018-791c3cfe21.nasl | ACT_GATHER_INFO
2018-12-11 | The remote Debian host is missing a security-related update. | debian_DSA-4353.nasl | ACT_GATHER_INFO
2018-12-03 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201812-01.nasl | ACT_GATHER_INFO
2018-10-26 | The remote EulerOS Virtualization host is missing a security update. | EulerOS_SA-2018-1325.nasl | ACT_GATHER_INFO
2018-10-19 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1090.nasl | ACT_GATHER_INFO
2018-09-27 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1309.nasl | ACT_GATHER_INFO
2018-09-27 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1310.nasl | ACT_GATHER_INFO
2018-09-24 | The remote Fedora host is missing a security update. | fedora_2018-25100b492c.nasl | ACT_GATHER_INFO
2018-09-20 | The remote Debian host is missing a security update. | debian_DLA-1509.nasl | ACT_GATHER_INFO
2018-09-18 | The remote EulerOS Virtualization host is missing a security update. | EulerOS_SA-2018-1249.nasl | ACT_GATHER_INFO
2018-09-04 | The remote Debian host is missing a security update. | debian_DLA-1490.nasl | ACT_GATHER_INFO
2018-08-24 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1066.nasl | ACT_GATHER_INFO
2018-08-24 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2018-1067.nasl | ACT_GATHER_INFO
2018-08-17 | The remote PhotonOS host is missing multiple security updates. | PhotonOS_PHSA-2017-0021.nasl | ACT_GATHER_INFO
2018-08-17 | The remote PhotonOS host is missing multiple security updates. | PhotonOS_PHSA-2017-0029.nasl | ACT_GATHER_INFO
2018-08-10 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1224.nasl | ACT_GATHER_INFO
2018-07-06 | The remote Debian host is missing a security-related update. | debian_DSA-4240.nasl | ACT_GATHER_INFO
2018-07-03 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1217.nasl | ACT_GATHER_INFO
2018-06-28 | The remote EulerOS host is missing a security update. | EulerOS_SA-2018-1158.nasl | ACT_GATHER_INFO
2018-06-27 | The remote Debian host is missing a security update. | debian_DLA-1397.nasl | ACT_GATHER_INFO
2018-06-05 | The remote host is missing a macOS update that fixes multiple security vulner... | macos_10_13_5.nasl | ACT_GATHER_INFO
2018-05-24 | The remote device is missing a vendor-supplied security patch. | f5_bigip_SOL75543432.nasl | ACT_GATHER_INFO