This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:php:php:5.3.10 |
| Detail | |||
|---|---|---|---|
| Vendor | Php | First view | 2012-02-10 |
| Product | Php | Last view | 2019-03-08 |
| Version | 5.3.10 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:php:php | ||
Activity : Overall
Related : CVE
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 7.5 | 2019-03-08 | CVE-2019-9641 | Network | Low | None Requ... | |
| 5 | 2019-03-08 | CVE-2019-9639 | Network | Low | None Requ... | |
| 5 | 2019-03-08 | CVE-2019-9638 | Network | Low | None Requ... | |
| 5 | 2019-03-08 | CVE-2019-9637 | Network | Low | None Requ... | |
| 5 | 2019-02-22 | CVE-2019-9024 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 7.5 | 2019-02-22 | CVE-2019-9023 | Network | Low | None Requ... | |
| 7.5 | 2019-02-22 | CVE-2019-9021 | Network | Low | None Requ... | |
| 7.5 | 2019-02-22 | CVE-2019-9020 | Network | Low | None Requ... | |
| 5 | 2019-02-21 | CVE-2018-20783 | Network | Low | None Requ... | |
| 6.8 | 2019-01-26 | CVE-2019-6977 | Network | Medium | None Requ... | |
| 5 | 2018-12-07 | CVE-2018-19935 | Network | Low | None Requ... | |
| 6.5 | 2018-11-25 | CVE-2018-19520 | Network | Low | Requires ... | |
| 5 | 2018-11-20 | CVE-2018-19396 | Network | Low | None Requ... | |
| 5 | 2018-11-20 | CVE-2018-19395 | Network | Low | None Requ... | |
| 4.3 | 2018-09-16 | CVE-2018-17082 | Network | Medium | None Requ... | |
| 5 | 2018-08-07 | CVE-2018-15132 | Network | Low | None Requ... | |
| 5 | 2018-08-03 | CVE-2018-14883 | Network | Low | None Requ... | |
| 4.3 | 2018-08-02 | CVE-2018-14851 | Network | Medium | None Requ... | |
| 6.8 | 2018-04-29 | CVE-2018-10549 | Network | Medium | None Requ... | |
| 5 | 2018-04-29 | CVE-2018-10548 | Network | Low | None Requ... | |
| 4.3 | 2018-04-29 | CVE-2018-10547 | Network | Medium | None Requ... | |
| 5 | 2018-04-29 | CVE-2018-10546 | Network | Low | None Requ... | |
| 1.9 | 2018-04-29 | CVE-2018-10545 | Local | Medium | None Requ... | |
| 7.5 | 2018-03-01 | CVE-2018-7584 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| % | id | Name |
|---|---|---|
| 26% (51) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (29) | CWE-20 | Improper Input Validation |
| 7% (15) | CWE-189 | Numeric Errors |
| 7% (15) | CWE-125 | Out-of-bounds Read |
| 6% (12) | CWE-200 | Information Exposure |
| % | id | Name |
|---|---|---|
| 5% (10) | CWE-416 | Use After Free |
| 4% (9) | CWE-476 | NULL Pointer Dereference |
| 4% (9) | CWE-190 | Integer Overflow or Wraparound |
| 3% (6) | CWE-787 | Out-of-bounds Write |
| 3% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
| 2% (5) | CWE-399 | Resource Management Errors |
| 2% (4) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 2% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (3) | CWE-19 | Data Handling |
| 1% (2) | CWE-502 | Deserialization of Untrusted Data |
| 1% (2) | CWE-284 | Access Control (Authorization) Issues |
| 1% (2) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 1% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 1% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (1) | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| 0% (1) | CWE-415 | Double Free |
| 0% (1) | CWE-310 | Cryptographic Issues |
| 0% (1) | CWE-254 | Security Features |
| 0% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 0% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
Oval Markup Language : Definitions
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:29107 | HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Ser... |
| oval:org.mitre.oval:def:19358 | HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Pri... |
| oval:org.mitre.oval:def:18140 | DSA-2465-1 php5 - several |
| oval:org.mitre.oval:def:21035 | RHSA-2013:1050: php53 security update (Critical) |
| oval:org.mitre.oval:def:20931 | RHSA-2013:1049: php security update (Critical) |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:18965 | DSA-2723-1 php5 - heap corruption |
| oval:org.mitre.oval:def:24124 | ELSA-2013:1049: php security update (Critical) |
| oval:org.mitre.oval:def:23414 | ELSA-2013:1050: php53 security update (Critical) |
| oval:org.mitre.oval:def:23370 | DEPRECATED: ELSA-2013:1049: php security update (Critical) |
| oval:org.mitre.oval:def:25866 | SUSE-SU-2013:1285-2 -- Security update for PHP5 |
| oval:org.mitre.oval:def:25802 | SUSE-SU-2013:1317-1 -- Security update for PHP5 |
| oval:org.mitre.oval:def:25747 | SUSE-SU-2013:1316-1 -- Security update for PHP5 |
| oval:org.mitre.oval:def:25298 | SUSE-SU-2013:1285-1 -- Security update for PHP5 |
| oval:org.mitre.oval:def:27533 | DEPRECATED: ELSA-2013-1050 -- php53 security update (critical) |
| oval:org.mitre.oval:def:27441 | DEPRECATED: ELSA-2013-1049 -- php security update (critical) |
| oval:org.mitre.oval:def:21114 | RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate) |
| oval:org.mitre.oval:def:18927 | USN-1937-1 -- php5 vulnerability |
| oval:org.mitre.oval:def:18760 | DSA-2742-1 php5 - interpretation conflict |
| oval:org.mitre.oval:def:23222 | ELSA-2013:1307: php53 security, bug fix and enhancement update (Moderate) |
| oval:org.mitre.oval:def:25611 | SUSE-SU-2014:0063-1 -- Security update for PHP5 |
| oval:org.mitre.oval:def:25595 | SUSE-SU-2014:0064-1 -- Security update for PHP5 |
| oval:org.mitre.oval:def:25081 | SUSE-SU-2014:0062-1 -- Security update for PHP5 |
| oval:org.mitre.oval:def:26232 | SUSE-SU-2014:0873-1 -- Security update for PHP5 |
| oval:org.mitre.oval:def:27044 | RHSA-2013:1615 -- php security, bug fix, and enhancement update (Moderate) |
| oval:org.mitre.oval:def:27442 | ELSA-2013-1615 -- php security, bug fix, and enhancement update (moderate) |
SAINT Exploits
| Description | Link |
|---|---|
| PHP CGI Query String Parameters Command Execution | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 30395 | PHP openssl_x509_parse() - Memory Corruption Vulnerability |
| 29290 | Apache / PHP 5.x Remote Code Execution Exploit |
| 25986 | Plesk Apache Zeroday Remote Exploit |
| 18836 | PHP CGI Argument Injection Exploit |
| 18834 | PHP CGI Argument Injection |
OpenVAS Exploits
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update) File : nvt/gb_suse_2012_0426_1.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0590-1 (update) File : nvt/gb_suse_2012_0590_1.nasl |
| 2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL) File : nvt/glsa_201209_24.nasl |
| 2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-03 (php) File : nvt/glsa_201209_03.nasl |
| 2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
| id | Description |
|---|---|
| 2012-09-24 | Name : PHP 'main/SAPI.c' HTTP Header Injection Vulnerability File : nvt/gb_php_http_header_injection_vuln_win.nasl |
| 2012-09-22 | Name : Ubuntu Update for php5 USN-1569-1 File : nvt/gb_ubuntu_USN_1569_1.nasl |
| 2012-09-19 | Name : FreeBSD Ports: php5-sqlite File : nvt/freebsd_php5-sqlite.nasl |
| 2012-09-10 | Name : Slackware Advisory SSA:2012-204-01 php File : nvt/esoft_slk_ssa_2012_204_01.nasl |
| 2012-09-07 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php519.nasl |
| 2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-7628 File : nvt/gb_fedora_2012_7628_maniadrive_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for php FEDORA-2012-7628 File : nvt/gb_fedora_2012_7628_php_fc17.nasl |
| 2012-08-30 | Name : Debian Security Advisory DSA 2527-1 (php5) File : nvt/deb_2527_1.nasl |
| 2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-10936 File : nvt/gb_fedora_2012_10936_maniadrive_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for php FEDORA-2012-10936 File : nvt/gb_fedora_2012_10936_php_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-8924 File : nvt/gb_fedora_2012_8924_postgresql_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-12156 File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl |
| 2012-08-30 | Name : Fedora Update for postgresql FEDORA-2012-12165 File : nvt/gb_fedora_2012_12165_postgresql_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-9490 File : nvt/gb_fedora_2012_9490_maniadrive_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for php FEDORA-2012-9490 File : nvt/gb_fedora_2012_9490_php_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for maniadrive FEDORA-2012-6869 File : nvt/gb_fedora_2012_6869_maniadrive_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for php FEDORA-2012-6869 File : nvt/gb_fedora_2012_6869_php_fc17.nasl |
| 2012-08-27 | Name : PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows) File : nvt/gb_php_pdo_sql_parser_re_file_pdo_ext_dos_vuln_win.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2491-1 (postgresql-8.4) File : nvt/deb_2491_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2492-1 (php5) File : nvt/deb_2492_1.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0108 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0061365 |
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity : Category I - VMSKEY : V0061337 |
| 2014-B-0086 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0052897 |
| 2014-B-0021 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0044541 |
| 2014-A-0030 | Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
| id | Description |
|---|---|
| 2013-A-0179 | Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373 |
| 2013-B-0093 | Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0040108 |
Snort® IPS/IDS
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Description |
|---|---|
| 2019-05-07 | PHP gdImageColorMatch heap buffer overflow file download attempt RuleID : 49673 - Type : SERVER-OTHER - Revision : 1 |
| 2019-05-07 | PHP gdImageColorMatch heap buffer overflow file upload attempt RuleID : 49672 - Type : SERVER-OTHER - Revision : 1 |
| 2018-12-11 | CVE PHP infinite loop from use of stream filter and convert.iconv file upload... RuleID : 48354 - Type : SERVER-WEBAPP - Revision : 2 |
| 2018-06-26 | PHP .phar cross site scripting attempt RuleID : 46808 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44749 - Type : SERVER-WEBAPP - Revision : 2 |
| Date | Description |
|---|---|
| 2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44748 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44747 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44746 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44745 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-12-13 | PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44744 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-10-24 | PHP form-based file upload DoS attempt RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-09-19 | PHP malformed quoted printable denial of service attempt RuleID : 44001 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-08-23 | PHP core unserialize use after free attempt RuleID : 43668 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-07-18 | Oniguruma expression parser out of bounds write attempt RuleID : 43182 - Type : FILE-OTHER - Revision : 2 |
| 2017-07-18 | Oniguruma expression parser out of bounds write attempt RuleID : 43181 - Type : FILE-OTHER - Revision : 2 |
| 2017-03-28 | PHP Exception Handling remote denial of service attempt RuleID : 41690 - Type : SERVER-OTHER - Revision : 2 |
| 2017-03-28 | PHP Exception Handling remote denial of service attempt RuleID : 41689 - Type : SERVER-OTHER - Revision : 2 |
| 2017-02-23 | PHP ZipArchive getFromIndex and getFromName integer overflow attempt RuleID : 41384 - Type : SERVER-WEBAPP - Revision : 2 |
| 2017-02-23 | PHP ZipArchive getFromIndex and getFromName integer overflow attempt RuleID : 41383 - Type : SERVER-WEBAPP - Revision : 2 |
| 2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt RuleID : 40297 - Type : FILE-IMAGE - Revision : 3 |
| 2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt RuleID : 40296 - Type : FILE-IMAGE - Revision : 2 |
| 2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt RuleID : 40295 - Type : FILE-IMAGE - Revision : 2 |
| 2016-11-01 | PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt RuleID : 40294 - Type : FILE-IMAGE - Revision : 2 |
| 2016-10-20 | PHP exif_process_user_comment null pointer dereference attempt RuleID : 40248 - Type : FILE-IMAGE - Revision : 3 |
| 2016-10-20 | PHP exif_process_user_comment null pointer dereference attempt RuleID : 40247 - Type : FILE-IMAGE - Revision : 2 |
Nessus® Vulnerability Scanner
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2019-01-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2019-1147.nasl - Type : ACT_GATHER_INFO |
| 2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-ee6707d519.nasl - Type : ACT_GATHER_INFO |
| 2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-b6072889db.nasl - Type : ACT_GATHER_INFO |
| 2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-1aeac808ce.nasl - Type : ACT_GATHER_INFO |
| 2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-791c3cfe21.nasl - Type : ACT_GATHER_INFO |
| id | Description |
|---|---|
| 2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-7ebfe1e6f2.nasl - Type : ACT_GATHER_INFO |
| 2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-dfe1f0bac6.nasl - Type : ACT_GATHER_INFO |
| 2018-12-17 | Name : The remote Debian host is missing a security update. File : debian_DLA-1608.nasl - Type : ACT_GATHER_INFO |
| 2018-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4353.nasl - Type : ACT_GATHER_INFO |
| 2018-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201812-01.nasl - Type : ACT_GATHER_INFO |
| 2018-10-26 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1325.nasl - Type : ACT_GATHER_INFO |
| 2018-10-19 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1090.nasl - Type : ACT_GATHER_INFO |
| 2018-09-27 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1309.nasl - Type : ACT_GATHER_INFO |
| 2018-09-27 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1310.nasl - Type : ACT_GATHER_INFO |
| 2018-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2018-25100b492c.nasl - Type : ACT_GATHER_INFO |
| 2018-09-20 | Name : The remote Debian host is missing a security update. File : debian_DLA-1509.nasl - Type : ACT_GATHER_INFO |
| 2018-09-18 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1249.nasl - Type : ACT_GATHER_INFO |
| 2018-09-04 | Name : The remote Debian host is missing a security update. File : debian_DLA-1490.nasl - Type : ACT_GATHER_INFO |
| 2018-08-24 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1066.nasl - Type : ACT_GATHER_INFO |
| 2018-08-24 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1067.nasl - Type : ACT_GATHER_INFO |
| 2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0021.nasl - Type : ACT_GATHER_INFO |
| 2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2017-0029.nasl - Type : ACT_GATHER_INFO |
| 2018-08-10 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1224.nasl - Type : ACT_GATHER_INFO |
| 2018-07-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4240.nasl - Type : ACT_GATHER_INFO |
| 2018-07-03 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2018-1217.nasl - Type : ACT_GATHER_INFO |
