7.5 - CVE-2014-9427

Executive Summary

Informations
Name	CVE-2014-9427	First vendor Publication	2015-01-02
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Php cpe:2.3:a:php:php:5.6.4:-:::::: cpe:2.3:a:php:php:5.6.3:-:::::: cpe:2.3:a:php:php:5.6.2:::::::* cpe:2.3:a:php:php:5.6.0:alpha1:::::: cpe:2.3:a:php:php:5.6.0:beta2:::::: cpe:2.3:a:php:php:5.6.0:beta3:::::: cpe:2.3:a:php:php:5.6.0:beta4:::::: cpe:2.3:a:php:php:5.6.0:beta1:::::: cpe:2.3:a:php:php:5.6.0:alpha4:::::: cpe:2.3:a:php:php:5.6.0:alpha5:::::: cpe:2.3:a:php:php:5.6.0:alpha2:::::: cpe:2.3:a:php:php:5.6.0:alpha3:::::: cpe:2.3:a:php:php:5.5.9:-:::::: cpe:2.3:a:php:php:5.5.8:-:::::: cpe:2.3:a:php:php:5.5.7:-:::::: cpe:2.3:a:php:php:5.5.6:-:::::: cpe:2.3:a:php:php:5.5.5:-:::::: cpe:2.3:a:php:php:5.5.4:-:::::: cpe:2.3:a:php:php:5.5.3:::::::* cpe:2.3:a:php:php:5.5.20:-:::::: cpe:2.3:a:php:php:5.5.2:-:::::: cpe:2.3:a:php:php:5.5.19:-:::::: cpe:2.3:a:php:php:5.5.18:-:::::: cpe:2.3:a:php:php:5.5.14:-:::::: cpe:2.3:a:php:php:5.5.13:-:::::: cpe:2.3:a:php:php:5.5.12:-:::::: cpe:2.3:a:php:php:5.5.11:-:::::: cpe:2.3:a:php:php:5.5.10:-:::::: cpe:2.3:a:php:php:5.5.1:::::::* cpe:2.3:a:php:php:5.5.0:alpha1:::::: cpe:2.3:a:php:php:5.5.0:beta4:::::: cpe:2.3:a:php:php:5.5.0:alpha6:::::: cpe:2.3:a:php:php:5.5.0:alpha2:::::: cpe:2.3:a:php:php:5.5.0:alpha5:::::: cpe:2.3:a:php:php:5.5.0:beta3:::::: cpe:2.3:a:php:php:5.5.0:beta2:::::: cpe:2.3:a:php:php:5.5.0:rc1:::::: cpe:2.3:a:php:php:5.5.0:alpha4:::::: cpe:2.3:a:php:php:5.5.0:beta1:::::: cpe:2.3:a:php:php:5.5.0:alpha3:::::: cpe:2.3:a:php:php:5.5.0:rc2:::::: cpe:2.3:a:php:php:5.5.0:-:::::: cpe:2.3:a:php:php:5.4.36:::::::* cpe:2.3:a:php:php:5.4.35:::::::* cpe:2.3:a:php:php:5.4.34:::::::* cpe:2.3:a:php:php:5.4.30:-:::::: cpe:2.3:a:php:php:5.4.3:::::::* cpe:2.3:a:php:php:5.4.29:-:::::: cpe:2.3:a:php:php:5.4.28:-:::::: cpe:2.3:a:php:php:5.4.27:-:::::: cpe:2.3:a:php:php:5.4.26:-:::::: cpe:2.3:a:php:php:5.4.25:-:::::: cpe:2.3:a:php:php:5.4.24:-:::::: cpe:2.3:a:php:php:5.4.23:-:::::: cpe:2.3:a:php:php:5.4.22:-:::::: cpe:2.3:a:php:php:5.4.21:-:::::: cpe:2.3:a:php:php:5.4.20:-:::::: cpe:2.3:a:php:php:5.4.2:::::::* cpe:2.3:a:php:php:5.4.19:::::::* cpe:2.3:a:php:php:5.4.18:-:::::: cpe:2.3:a:php:php:5.4.17:-:::::: cpe:2.3:a:php:php:5.4.16:rc1:::::: cpe:2.3:a:php:php:5.4.15:rc1:::::: cpe:2.3:a:php:php:5.4.14:rc1:::::: cpe:2.3:a:php:php:5.4.14:-:::::: cpe:2.3:a:php:php:5.4.13:rc1:::::: cpe:2.3:a:php:php:5.4.13:-:::::: cpe:2.3:a:php:php:5.4.12:rc2:::::: cpe:2.3:a:php:php:5.4.12:rc1:::::: cpe:2.3:a:php:php:5.4.12:-:::::: cpe:2.3:a:php:php:5.4.11:-:::::: cpe:2.3:a:php:php:5.4.10:-:::::: cpe:2.3:a:php:php:5.4.1:::::::* cpe:2.3:a:php:php:5.4.0:-:::::: cpe:2.3:a:php:php:5.3.9:-:::::: cpe:2.3:a:php:php:5.3.8:::::::* cpe:2.3:a:php:php:5.3.7:-:::::: cpe:2.3:a:php:php:5.3.6:::::::* cpe:2.3:a:php:php:5.3.5:::::::* cpe:2.3:a:php:php:5.3.4:-:::::: cpe:2.3:a:php:php:5.3.3:-:::::: cpe:2.3:a:php:php:5.3.28:::::::* cpe:2.3:a:php:php:5.3.27:-:::::: cpe:2.3:a:php:php:5.3.26:-:::::: cpe:2.3:a:php:php:5.3.25:-:::::: cpe:2.3:a:php:php:5.3.24:-:::::: cpe:2.3:a:php:php:5.3.23:-:::::: cpe:2.3:a:php:php:5.3.22:-:::::: cpe:2.3:a:php:php:5.3.21:-:::::: cpe:2.3:a:php:php:5.3.20:-:::::: cpe:2.3:a:php:php:5.3.2:-:::::: cpe:2.3:a:php:php:5.3.19:-:::::: cpe:2.3:a:php:php:5.3.18:-:::::: cpe:2.3:a:php:php:5.3.17:::::::* cpe:2.3:a:php:php:5.3.16:::::::* cpe:2.3:a:php:php:5.3.15:-:::::: cpe:2.3:a:php:php:5.3.14:-:::::: cpe:2.3:a:php:php:5.3.13:::::::* cpe:2.3:a:php:php:5.3.12:::::::* cpe:2.3:a:php:php:5.3.11:-:::::: cpe:2.3:a:php:php:5.3.10:::::::* cpe:2.3:a:php:php:5.3.1:-:::::: cpe:2.3:a:php:php:5.3.0:-:::::: cpe:2.3:a:php:php:5.2.9:-:::::: cpe:2.3:a:php:php:5.2.8:::::::* cpe:2.3:a:php:php:5.2.7:-:::::: cpe:2.3:a:php:php:5.2.6:-:::::: cpe:2.3:a:php:php:5.2.5:-:::::: cpe:2.3:a:php:php:5.2.4:-:::::: cpe:2.3:a:php:php:5.2.3:-:::::: cpe:2.3:a:php:php:5.2.2:-:::::: cpe:2.3:a:php:php:5.2.17:::::::* cpe:2.3:a:php:php:5.2.16:::::::* cpe:2.3:a:php:php:5.2.15:-:::::: cpe:2.3:a:php:php:5.2.14:-:::::: cpe:2.3:a:php:php:5.2.13:-:::::: cpe:2.3:a:php:php:5.2.12:-:::::: cpe:2.3:a:php:php:5.2.11:-:::::: cpe:2.3:a:php:php:5.2.10:-:::::: cpe:2.3:a:php:php:5.2.1:-:::::: cpe:2.3:a:php:php:5.2.0:::::::* cpe:2.3:a:php:php:5.1.6:::::::* cpe:2.3:a:php:php:5.1.5:-:::::: cpe:2.3:a:php:php:5.1.4:::::::* cpe:2.3:a:php:php:5.1.3:::::::* cpe:2.3:a:php:php:5.1.2:-:::::: cpe:2.3:a:php:php:5.1.1:::::::* cpe:2.3:a:php:php:5.1.0:-:::::: cpe:2.3:a:php:php:5.0.5:-:::::: cpe:2.3:a:php:php:5.0.4:-:::::: cpe:2.3:a:php:php:5.0.3:-:::::: cpe:2.3:a:php:php:5.0.2:-:::::: cpe:2.3:a:php:php:5.0.1:-:::::: cpe:2.3:a:php:php:5.0.0:beta3:::::: cpe:2.3:a:php:php:5.0.0:rc3:::::: cpe:2.3:a:php:php:5.0.0:beta1:::::: cpe:2.3:a:php:php:5.0.0:beta4:::::: cpe:2.3:a:php:php:5.0.0:rc1:::::: cpe:2.3:a:php:php:5.0.0:beta2:::::: cpe:2.3:a:php:php:5.0.0:rc2:::::: cpe:2.3:a:php:php:5.0.0:-:::::: cpe:2.3:a:php:php:4.4.9:-:::::: cpe:2.3:a:php:php:4.4.8:-:::::: cpe:2.3:a:php:php:4.4.7:-:::::: cpe:2.3:a:php:php:4.4.6:-:::::: cpe:2.3:a:php:php:4.4.5:-:::::: cpe:2.3:a:php:php:4.4.4:-:::::: cpe:2.3:a:php:php:4.4.3:-:::::: cpe:2.3:a:php:php:4.4.2:-:::::: cpe:2.3:a:php:php:4.4.1:-:::::: cpe:2.3:a:php:php:4.4.0:-:::::: cpe:2.3:a:php:php:4.3.9:::::::* cpe:2.3:a:php:php:4.3.8:::::::* cpe:2.3:a:php:php:4.3.7:-:::::: cpe:2.3:a:php:php:4.3.6:-:::::: cpe:2.3:a:php:php:4.3.5:-:::::: cpe:2.3:a:php:php:4.3.4:-:::::: cpe:2.3:a:php:php:4.3.3:-:::::: cpe:2.3:a:php:php:4.3.2:-:::::: cpe:2.3:a:php:php:4.3.11:-:::::: cpe:2.3:a:php:php:4.3.10:-:::::: cpe:2.3:a:php:php:4.3.1:::::::* cpe:2.3:a:php:php:4.3.0:-:::::: cpe:2.3:a:php:php:4.2.3:-:::::: cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.2.1:-:::::: cpe:2.3:a:php:php:4.2.0:-:::::: cpe:2.3:a:php:php:4.1.2:::::::* cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.1.0:-:::::: cpe:2.3:a:php:php:4.0.7:-:::::: cpe:2.3:a:php:php:4.0.6:-:::::: cpe:2.3:a:php:php:4.0.5:-:::::: cpe:2.3:a:php:php:4.0.4:-:::::: cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.0.1:-:::::: cpe:2.3:a:php:php:4.0.0:::::::* cpe:2.3:a:php:php:4.0:beta1:::::: cpe:2.3:a:php:php:4.0:beta2:::::: cpe:2.3:a:php:php:4.0:beta3:::::: cpe:2.3:a:php:php:4.0:beta4:::::: cpe:2.3:a:php:php:4.0:beta_4_patch1:::::: cpe:2.3:a:php:php:3.0.9:::::::* cpe:2.3:a:php:php:3.0.8:::::::* cpe:2.3:a:php:php:3.0.7:::::::* cpe:2.3:a:php:php:3.0.6:::::::* cpe:2.3:a:php:php:3.0.5:::::::* cpe:2.3:a:php:php:3.0.4:::::::* cpe:2.3:a:php:php:3.0.3:::::::* cpe:2.3:a:php:php:3.0.2:::::::* cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:3.0.17:::::::* cpe:2.3:a:php:php:3.0.16:::::::* cpe:2.3:a:php:php:3.0.15:::::::* cpe:2.3:a:php:php:3.0.14:::::::* cpe:2.3:a:php:php:3.0.13:::::::* cpe:2.3:a:php:php:3.0.12:::::::* cpe:2.3:a:php:php:3.0.11:::::::* cpe:2.3:a:php:php:3.0.10:::::::* cpe:2.3:a:php:php:3.0.1:::::::* cpe:2.3:a:php:php:3.0:::::::* cpe:2.3:a:php:php:2.0b10:::::::* cpe:2.3:a:php:php:2.0:::::::* cpe:2.3:a:php:php:1.0.0:-::::::	205

Nessus® Vulnerability Scanner

Date	Description
2015-10-05	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11.nasl - Type : ACT_GATHER_INFO
2015-07-22	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201503-03.nasl - Type : ACT_GATHER_INFO
2015-02-20	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-163.nasl - Type : ACT_GATHER_INFO
2015-02-18	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2501-1.nasl - Type : ACT_GATHER_INFO
2015-02-13	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-474.nasl - Type : ACT_GATHER_INFO
2015-02-13	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-475.nasl - Type : ACT_GATHER_INFO
2015-02-06	Name : The remote Fedora host is missing a security update. File : fedora_2015-1058.nasl - Type : ACT_GATHER_INFO
2015-02-06	Name : The remote Fedora host is missing a security update. File : fedora_2015-1101.nasl - Type : ACT_GATHER_INFO
2015-02-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-032.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_4_37.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_21.nasl - Type : ACT_GATHER_INFO
2015-01-29	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_6_5.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f9ad3086693fce680fbe246e4a45...

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BID	http://www.securityfocus.com/bid/71833
CONFIRM	http://advisories.mageia.org/MGASA-2015-0040.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-286720... https://bugs.php.net/bug.php?id=68618 https://support.apple.com/HT205267
GENTOO	https://security.gentoo.org/glsa/201503-03
HP	http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2015:032
MLIST	http://openwall.com/lists/oss-security/2014/12/31/6 http://openwall.com/lists/oss-security/2015/01/01/1 http://openwall.com/lists/oss-security/2015/01/03/4
REDHAT	http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:29:42	Multiple Updates
2024-02-01 12:08:43	Multiple Updates
2023-11-07 21:45:06	Multiple Updates
2023-09-05 12:28:10	Multiple Updates
2023-09-05 01:08:35	Multiple Updates
2023-09-02 12:28:10	Multiple Updates
2023-09-02 01:08:43	Multiple Updates
2023-08-12 12:30:41	Multiple Updates
2023-08-12 01:08:12	Multiple Updates
2023-08-11 12:26:16	Multiple Updates
2023-08-11 01:08:25	Multiple Updates
2023-08-06 12:25:31	Multiple Updates
2023-08-06 01:08:11	Multiple Updates
2023-08-04 12:25:35	Multiple Updates
2023-08-04 01:08:15	Multiple Updates
2023-07-14 12:25:34	Multiple Updates
2023-07-14 01:08:13	Multiple Updates
2023-03-29 01:27:21	Multiple Updates
2023-03-28 12:08:34	Multiple Updates
2022-10-11 12:23:04	Multiple Updates
2022-10-11 01:08:22	Multiple Updates
2021-05-04 12:35:36	Multiple Updates
2021-04-22 01:42:50	Multiple Updates
2020-05-23 00:43:00	Multiple Updates
2019-06-08 12:06:32	Multiple Updates
2016-12-31 09:24:22	Multiple Updates
2016-12-07 09:24:13	Multiple Updates
2016-11-29 00:24:57	Multiple Updates
2016-10-12 09:24:05	Multiple Updates
2016-08-23 09:24:53	Multiple Updates
2016-04-27 01:33:47	Multiple Updates
2015-10-10 09:23:12	Multiple Updates
2015-10-07 13:24:27	Multiple Updates
2015-07-24 13:29:16	Multiple Updates
2015-04-18 09:26:40	Multiple Updates
2015-04-15 09:28:47	Multiple Updates
2015-03-31 13:29:06	Multiple Updates
2015-03-17 09:26:58	Multiple Updates
2015-03-10 13:25:07	Multiple Updates
2015-02-21 13:24:16	Multiple Updates
2015-02-19 13:24:55	Multiple Updates
2015-02-14 13:23:51	Multiple Updates
2015-02-07 13:25:14	Multiple Updates
2015-01-30 13:24:24	Multiple Updates
2015-01-12 13:24:04	Multiple Updates
2015-01-07 09:24:48	Multiple Updates
2015-01-06 00:24:07	Multiple Updates
2015-01-03 09:24:03	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	205
Sources(s)	18
Nessus® Exploit(s)	14

	Related
7.5	USN-2501-1
7.5	RHSA-2015:1066
7.5	RHSA-2015:1053
7.5	MDVSA-2015:080
7.5	MDVSA-2015:032
7.5	GLSA-201503-03
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

7.5 - CVE-2014-9427

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU