Executive Summary

Informations
NameCVE-2014-3487First vendor Publication2014-07-09
VendorCveLast vendor Modification2016-11-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application52
Application520

Information Assurance Vulnerability Management (IAVM)

DateDescription
2014-07-03IAVM : 2014-B-0086 - Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0052897

Nessus® Vulnerability Scanner

DateDescription
2016-08-29Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2015-12-22Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_file_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-04-10Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-04-10Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-26Name : The remote Debian host is missing a security update.
File : debian_DLA-27.nasl - Type : ACT_GATHER_INFO
2015-03-26Name : The remote Debian host is missing a security update.
File : debian_DLA-50.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-367.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-372.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-382.nasl - Type : ACT_GATHER_INFO
2014-09-18Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-09-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3021.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-140720.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-464.nasl - Type : ACT_GATHER_INFO
2014-07-16Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2278-1.nasl - Type : ACT_GATHER_INFO
2014-07-14Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-192-01.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-130.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-131.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2276-1.nasl - Type : ACT_GATHER_INFO
2014-07-09Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2974.nasl - Type : ACT_GATHER_INFO
2014-07-08Name : The remote Fedora host is missing a security update.
File : fedora_2014-7782.nasl - Type : ACT_GATHER_INFO
2014-07-06Name : The remote Fedora host is missing a security update.
File : fedora_2014-7992.nasl - Type : ACT_GATHER_INFO
2014-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2014-7765.nasl - Type : ACT_GATHER_INFO
2014-06-27Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_4_30.nasl - Type : ACT_GATHER_INFO
2014-06-27Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_5_14.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BID http://www.securityfocus.com/bid/68120
CONFIRM http://support.apple.com/kb/HT6443
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-271964...
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=67413
https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
https://support.apple.com/HT204659
DEBIAN http://www.debian.org/security/2014/dsa-2974
http://www.debian.org/security/2014/dsa-3021
HP http://marc.info/?l=bugtraq&m=141017844705317&w=2
MLIST http://mx.gw.com/pipermail/file/2014/001553.html
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
SUSE http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
DateInformations
2019-06-08 12:06:11
  • Multiple Updates
2018-10-03 12:04:14
  • Multiple Updates
2018-03-12 12:01:06
  • Multiple Updates
2016-11-29 00:24:54
  • Multiple Updates
2016-10-26 09:22:42
  • Multiple Updates
2016-10-15 09:24:38
  • Multiple Updates
2016-10-05 01:01:39
  • Multiple Updates
2016-08-30 13:21:27
  • Multiple Updates
2016-08-23 09:24:50
  • Multiple Updates
2016-06-28 22:51:03
  • Multiple Updates
2016-04-27 00:50:57
  • Multiple Updates
2015-12-23 13:25:35
  • Multiple Updates
2015-12-03 13:26:20
  • Multiple Updates
2015-11-25 13:26:42
  • Multiple Updates
2015-11-21 13:25:37
  • Multiple Updates
2015-04-22 00:26:06
  • Multiple Updates
2015-04-21 09:24:57
  • Multiple Updates
2015-04-14 09:27:22
  • Multiple Updates
2015-04-11 13:28:42
  • Multiple Updates
2015-03-31 13:28:29
  • Multiple Updates
2015-03-27 13:28:10
  • Multiple Updates
2014-11-19 09:23:34
  • Multiple Updates
2014-10-12 13:27:19
  • Multiple Updates
2014-09-23 13:28:02
  • Multiple Updates
2014-09-19 13:27:36
  • Multiple Updates
2014-09-11 13:25:45
  • Multiple Updates
2014-08-08 13:24:45
  • Multiple Updates
2014-08-07 13:25:15
  • Multiple Updates
2014-07-31 13:25:22
  • Multiple Updates
2014-07-25 13:21:51
  • Multiple Updates
2014-07-18 09:23:25
  • Multiple Updates
2014-07-17 13:24:35
  • Multiple Updates
2014-07-16 21:23:45
  • Multiple Updates
2014-07-14 13:25:58
  • Multiple Updates
2014-07-12 00:21:50
  • Multiple Updates
2014-07-11 13:25:09
  • Multiple Updates
2014-07-10 13:25:10
  • Multiple Updates
2014-07-09 21:24:55
  • Multiple Updates
2014-07-09 17:23:49
  • First insertion