Executive Summary

Informations
NameCVE-2014-4721First vendor Publication2014-07-06
VendorCveLast vendor Modification2017-01-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score2.6Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25226
 
Oval ID: oval:org.mitre.oval:def:25226
Title: USN-2276-1 -- php5 vulnerabilities
Description: Several security issues were fixed in PHP.
Family: unix Class: patch
Reference(s): USN-2276-1
CVE-2014-0207
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-4670
CVE-2014-4698
CVE-2014-4721
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24837
 
Oval ID: oval:org.mitre.oval:def:24837
Title: DSA-2974-1 -- php5 - security update
Description: Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family: unix Class: patch
Reference(s): DSA-2974-1
CVE-2014-0207
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-4721
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25721
 
Oval ID: oval:org.mitre.oval:def:25721
Title: SUSE-SU-2014:0938-1 -- Security update for PHP 5.3
Description: PHP 5.3 has been updated to fix several security problems.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0938-1
CVE-2014-3515
CVE-2014-0207
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-4670
CVE-2014-4698
CVE-2014-4721
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): PHP 5.3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26421
 
Oval ID: oval:org.mitre.oval:def:26421
Title: RHSA-2014:1013: php security update (Moderate)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2013-7345) Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1013-00
CESA-2014:1013
CVE-2013-7345
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-4049
CVE-2014-4721
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26314
 
Oval ID: oval:org.mitre.oval:def:26314
Title: RHSA-2014:1012: php53 and php security update (Moderate)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues were discovered by Francisco Alonso of Red Hat Product Security. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2014:1012-00
CESA-2014:1012
CVE-2012-1571
CVE-2013-6712
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-3479
CVE-2014-3480
CVE-2014-3515
CVE-2014-4049
CVE-2014-4721
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
Product(s): php53
php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26721
 
Oval ID: oval:org.mitre.oval:def:26721
Title: ELSA-2014-1013 -- php security update (moderate)
Description: [5.4.16-23] - fileinfo: cdf_unpack_summary_info() excessive looping DoS. CVE-2014-0237 - fileinfo: CDF property info parsing nelements infinite loop. CVE-2014-0238 - fileinfo: cdf_check_stream_offset insufficient boundary check. CVE-2014-3479 - fileinfo: cdf_count_chain insufficient boundary check CVE-2014-3480 - fileinfo: cdf_read_short_sector insufficient boundary check. CVE-2014-0207 - fileinfo: cdf_read_property_info insufficient boundary check. CVE-2014-3487 - fileinfo: fix extensive backtracking CVE-2013-7345 - core: type confusion issue in phpinfo(). CVE-2014-4721 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw. CVE-2014-3515
Family: unix Class: patch
Reference(s): ELSA-2014-1013
CVE-2013-7345
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-4049
CVE-2014-4721
Version: 3
Platform(s): Oracle Linux 7
Product(s): php
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application520

Nessus® Vulnerability Scanner

DateDescription
2016-08-29Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2015-09-24Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL17313.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-26Name : The remote Debian host is missing a security update.
File : debian_DLA-18.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140806_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-01Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-471.nasl - Type : ACT_GATHER_INFO
2014-07-31Name : The remote openSUSE host is missing a security update.
File : suse_12_3_openSUSE-2014--140721.nasl - Type : ACT_GATHER_INFO
2014-07-31Name : The remote openSUSE host is missing a security update.
File : suse_13_1_openSUSE-2014--140721.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-140720.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-130.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2276-1.nasl - Type : ACT_GATHER_INFO
2014-07-09Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2974.nasl - Type : ACT_GATHER_INFO
2014-06-27Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_4_30.nasl - Type : ACT_GATHER_INFO
2014-06-27Name : The remote web server is running a version of PHP that is affected by multipl...
File : php_5_5_14.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=67498
DEBIAN http://www.debian.org/security/2014/dsa-2974
MISC http://twitter.com/mikispag/statuses/485713462258302976
https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
SECUNIA http://secunia.com/advisories/54553
SUSE http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
DateInformations
2019-06-08 12:06:17
  • Multiple Updates
2018-10-03 12:04:19
  • Multiple Updates
2018-03-12 12:01:11
  • Multiple Updates
2017-01-07 09:25:40
  • Multiple Updates
2016-10-26 09:22:43
  • Multiple Updates
2016-10-05 01:01:43
  • Multiple Updates
2016-08-30 13:21:27
  • Multiple Updates
2016-06-29 00:37:45
  • Multiple Updates
2016-04-27 01:02:48
  • Multiple Updates
2015-09-25 13:23:54
  • Multiple Updates
2015-03-31 13:28:40
  • Multiple Updates
2015-03-27 13:28:25
  • Multiple Updates
2014-11-19 09:24:12
  • Multiple Updates
2014-11-14 13:28:32
  • Multiple Updates
2014-08-08 13:24:47
  • Multiple Updates
2014-08-07 13:25:17
  • Multiple Updates
2014-08-02 13:24:24
  • Multiple Updates
2014-08-01 13:25:17
  • Multiple Updates
2014-07-31 13:25:26
  • Multiple Updates
2014-07-18 09:23:54
  • Multiple Updates
2014-07-11 13:25:11
  • Multiple Updates
2014-07-10 13:25:11
  • Multiple Updates
2014-07-09 13:25:40
  • Multiple Updates
2014-07-07 21:24:13
  • Multiple Updates
2014-07-07 05:23:22
  • First insertion