Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2014-2020 First vendor Publication 2014-02-18
Vendor Cve Last vendor Modification 2014-03-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2020

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24369
 
Oval ID: oval:org.mitre.oval:def:24369
Title: USN-2126-1 -- php5 vulnerabilities
Description: Several security issues were fixed in PHP.
Family: unix Class: patch
Reference(s): USN-2126-1
CVE-2014-1943
CVE-2013-7226
CVE-2013-7327
CVE-2013-7328
CVE-2014-2020
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): php5
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 543

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-02-27 IAVM : 2014-B-0021 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0044541

Nessus® Vulnerability Scanner

Date Description
2014-03-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2126-1.nasl - Type : ACT_GATHER_INFO
2014-02-14 Name : The remote web server uses a version of PHP that is potentially affected by m...
File : php_5_5_9.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://bugs.php.net/bug.php?id=66356
https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01
UBUNTU http://www.ubuntu.com/usn/USN-2126-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Date Informations
2024-02-02 01:26:49
  • Multiple Updates
2024-02-01 12:07:57
  • Multiple Updates
2023-09-05 12:25:24
  • Multiple Updates
2023-09-05 01:07:51
  • Multiple Updates
2023-09-02 12:25:22
  • Multiple Updates
2023-09-02 01:07:58
  • Multiple Updates
2023-08-12 12:27:39
  • Multiple Updates
2023-08-12 01:07:28
  • Multiple Updates
2023-08-11 12:23:31
  • Multiple Updates
2023-08-11 01:07:39
  • Multiple Updates
2023-08-06 12:22:52
  • Multiple Updates
2023-08-06 01:07:26
  • Multiple Updates
2023-08-04 12:22:54
  • Multiple Updates
2023-08-04 01:07:30
  • Multiple Updates
2023-07-14 12:22:52
  • Multiple Updates
2023-07-14 01:07:29
  • Multiple Updates
2023-03-29 01:24:46
  • Multiple Updates
2023-03-28 12:07:50
  • Multiple Updates
2022-10-11 12:20:39
  • Multiple Updates
2022-10-11 01:07:38
  • Multiple Updates
2021-05-04 12:30:48
  • Multiple Updates
2021-04-22 01:37:17
  • Multiple Updates
2020-05-23 01:51:30
  • Multiple Updates
2020-05-23 00:40:22
  • Multiple Updates
2019-06-08 12:06:02
  • Multiple Updates
2018-10-03 12:04:07
  • Multiple Updates
2018-03-12 12:00:58
  • Multiple Updates
2016-10-05 01:01:32
  • Multiple Updates
2016-06-28 22:38:53
  • Multiple Updates
2014-03-08 13:23:41
  • Multiple Updates
2014-03-05 13:29:20
  • Multiple Updates
2014-02-28 17:19:21
  • Multiple Updates
2014-02-19 13:21:58
  • Multiple Updates
2014-02-19 00:19:36
  • Multiple Updates
2014-02-18 17:20:22
  • First insertion