Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title php5 security update
Informations
Name DSA-2408 First vendor Publication 2012-02-13
Vendor Debian Last vendor Modification 2012-02-13
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2011-1072

It was discoverd that insecure handling of temporary files in the PEAR installer could lead to denial of service.

CVE-2011-4153

Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup() function could lead to denial of service.

CVE-2012-0781

Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose() function could lead to denial of service.

CVE-2012-0788

It was discovered that missing checks in the handling of PDORow objects could lead to denial of service.

CVE-2012-0831

It was discovered that the magic_quotes_gpc setting could be disabled remotely

This update also addresses PHP bugs, which are not treated as security issues in Debian (see README.Debian.security), but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267

For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze8.

For the unstable distribution (sid), this problem has been fixed in version 5.3.10-1.

We recommend that you upgrade your php5 packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2408

CWE : Common Weakness Enumeration

% Id Name
46 % CWE-399 Resource Management Errors
31 % CWE-20 Improper Input Validation
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)
8 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12528
 
Oval ID: oval:org.mitre.oval:def:12528
Title: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4
Description: Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4697
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): PHP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15188
 
Oval ID: oval:org.mitre.oval:def:15188
Title: DSA-2408-1 php5 -- several
Description: Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discoverd that insecure handling of temporary files in the PEAR installer could lead to denial of service. CVE-2011-4153 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the zend_strndup function could lead to denial of service. CVE-2012-0781 Maksymilian Arciemowicz discovered that a NULL pointer dereference in the tidy_diagnose function could lead to denial of service. CVE-2012-0788 It was discovered that missing checks in the handling of PDORow objects could lead to denial of service. CVE-2012-0831 It was discovered that the magic_quotes_gpc setting could be disabled remotely This update also addresses PHP bugs, which are not treated as security issues in Debian , but which were fixed nonetheless: CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467 CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182 CVE-2011-3267
Family: unix Class: patch
Reference(s): DSA-2408-1
CVE-2011-1072
CVE-2011-4153
CVE-2012-0781
CVE-2012-0788
CVE-2012-0831
CVE-2010-4697
CVE-2011-1092
CVE-2011-1148
CVE-2011-1464
CVE-2011-1467
CVE-2011-1468
CVE-2011-1469
CVE-2011-1470
CVE-2011-1657
CVE-2011-3182
CVE-2011-3267
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): php5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19075
 
Oval ID: oval:org.mitre.oval:def:19075
Title: HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
Description: PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
Family: unix Class: vulnerability
Reference(s): CVE-2011-4153
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26934
 
Oval ID: oval:org.mitre.oval:def:26934
Title: RHSA-2011:1741 -- php-pear security and bug fix update (Low)
Description: The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components. It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the "pear install" command. (CVE-2011-1072) This update also fixes the following bugs: * The php-pear package has been upgraded to version 1.9.4, which provides a number of bug fixes over the previous version. (BZ#651897) * Prior to this update, php-pear created a cache in the "/var/cache/php-pear/" directory when attempting to list all packages. As a consequence, php-pear failed to create or update the cache file as a regular user without sufficient file permissions and could not list all packages. With this update, php-pear no longer fails if writing to the cache directory is not permitted. Now, all packages are listed as expected. (BZ#747361) All users of php-pear are advised to upgrade to this updated package, which corrects these issues.
Family: unix Class: patch
Reference(s): RHSA-2011:1741
CVE-2011-1072
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Product(s): php-pear
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26943
 
Oval ID: oval:org.mitre.oval:def:26943
Title: DEPRECATED: ELSA-2013-0514 -- php security, bug fix and enhancement update (moderate)
Description: It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831)
Family: unix Class: patch
Reference(s): ELSA-2013-0514
CVE-2012-2688
CVE-2011-1398
CVE-2012-0831
Version: 4
Platform(s): Oracle Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27681
 
Oval ID: oval:org.mitre.oval:def:27681
Title: DEPRECATED: ELSA-2012-1046 -- php security update (moderate)
Description: [5.3.3-14] - add security fix for CVE-2010-2950 [5.3.3-13] - fix tests for CVE-2012-2143, CVE-2012-0789 [5.3.3-12] - add fix for CVE-2012-2336 [5.3.3-11] - add security fixes for CVE-2012-0781, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2386 [5.3.3-9] - correct detection of = in CVE-2012-1823 fix (#818607) [5.3.3-8] - add security fix for CVE-2012-1823 (#818607) [5.3.3-7] - add security fix for CVE-2012-0830 (#786744) [5.3.3-6] - merge Joe's changes: - improve CVE-2011-1466 fix to cover CAL_GREGORIAN, CAL_JEWISH - add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, and CVE-2011-2202 (#740732) [5.3.3-5] - remove extra php.ini-prod/devel files caused by %patch -b [5.3.3-4] - add security fixes for CVE-2011-4885, CVE-2011-4566 (#769755)
Family: unix Class: patch
Reference(s): ELSA-2012-1046
CVE-2012-2143
CVE-2011-4153
CVE-2012-0057
CVE-2012-0789
CVE-2012-1172
CVE-2012-2336
CVE-2010-2950
CVE-2012-2386
CVE-2012-0781
Version: 4
Platform(s): Oracle Linux 6
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27880
 
Oval ID: oval:org.mitre.oval:def:27880
Title: ELSA-2011-1741 -- php-pear security and bug fix update (low)
Description: [1.9.4-4] - fix patch application for #747361 [1.9.4-3] - ignore REST cache creation failures as non-root user (#747361) [1.9.4-2] - fix XML-Util provides [1.9.4-1] - update to 1.9.4 (#651897) - update XML_RPC to 1.5.4, Structures_Graph to 1.0.4, Archive_Tar to 1.3.7 [1.9.1-1] - update to 1.9.1 (#651897) - fix installation of XML_RPC license file
Family: unix Class: patch
Reference(s): ELSA-2011-1741
CVE-2011-1072
Version: 3
Platform(s): Oracle Linux 6
Product(s): php-pear
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 51
Application 388

ExploitDB Exploits

id Description
2012-01-14 PHP 5.3.8 Multiple Vulnerabilities
2011-03-12 PHP <= 5.3.6 shmop_read() Integer Overflow DoS

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update)
File : nvt/gb_suse_2012_0426_1.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-03 (php)
File : nvt/glsa_201209_03.nasl
2012-09-25 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-09-10 Name : Slackware Advisory SSA:2011-237-01 php
File : nvt/esoft_slk_ssa_2011_237_01.nasl
2012-08-03 Name : Mandriva Update for php MDVSA-2012:065 (php)
File : nvt/gb_mandriva_MDVSA_2012_065.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2011:1423 centos5 x86_64
File : nvt/gb_CESA-2011_1423_php53_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:0033 centos5
File : nvt/gb_CESA-2012_0033_php_centos5.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:1045 centos5
File : nvt/gb_CESA-2012_1045_php_centos5.nasl
2012-07-30 Name : CentOS Update for php CESA-2012:1046 centos6
File : nvt/gb_CESA-2012_1046_php_centos6.nasl
2012-07-30 Name : CentOS Update for php53 CESA-2012:1047 centos5
File : nvt/gb_CESA-2012_1047_php53_centos5.nasl
2012-07-09 Name : RedHat Update for php-pear RHSA-2011:1741-03
File : nvt/gb_RHSA-2011_1741-03_php-pear.nasl
2012-06-28 Name : RedHat Update for php RHSA-2012:1046-01
File : nvt/gb_RHSA-2012_1046-01_php.nasl
2012-06-28 Name : RedHat Update for php53 RHSA-2012:1047-01
File : nvt/gb_RHSA-2012_1047-01_php53.nasl
2012-06-28 Name : RedHat Update for php RHSA-2012:1045-01
File : nvt/gb_RHSA-2012_1045-01_php.nasl
2012-06-22 Name : Ubuntu Update for php5 USN-1481-1
File : nvt/gb_ubuntu_USN_1481_1.nasl
2012-06-21 Name : PHP version smaller than 5.3.4
File : nvt/nopsec_php_5_3_4.nasl
2012-06-21 Name : PHP 5.2 < 5.2.15
File : nvt/nopsec_php_5_2_15.nasl
2012-06-14 Name : PHP version 5.3< 5.3.6
File : nvt/nopsec_php_5_3_6.nasl
2012-06-14 Name : PHP versoin < 5.3.9
File : nvt/nopsec_php_5_3_9.nasl
2012-05-08 Name : Fedora Update for php-eaccelerator FEDORA-2012-6907
File : nvt/gb_fedora_2012_6907_php-eaccelerator_fc16.nasl
2012-05-08 Name : Fedora Update for php FEDORA-2012-6911
File : nvt/gb_fedora_2012_6911_php_fc15.nasl
2012-05-08 Name : Fedora Update for php-eaccelerator FEDORA-2012-6911
File : nvt/gb_fedora_2012_6911_php-eaccelerator_fc15.nasl
2012-05-08 Name : Fedora Update for maniadrive FEDORA-2012-6911
File : nvt/gb_fedora_2012_6911_maniadrive_fc15.nasl
2012-05-08 Name : Fedora Update for php FEDORA-2012-6907
File : nvt/gb_fedora_2012_6907_php_fc16.nasl
2012-05-08 Name : Fedora Update for maniadrive FEDORA-2012-6907
File : nvt/gb_fedora_2012_6907_maniadrive_fc16.nasl
2012-04-30 Name : FreeBSD Ports: php
File : nvt/freebsd_php.nasl
2012-04-02 Name : Fedora Update for maniadrive FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_maniadrive_fc16.nasl
2012-03-19 Name : Fedora Update for php-eaccelerator FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_php-eaccelerator_fc16.nasl
2012-03-19 Name : Fedora Update for php FEDORA-2011-11464
File : nvt/gb_fedora_2011_11464_php_fc16.nasl
2012-03-12 Name : Debian Security Advisory DSA 2408-1 (php5)
File : nvt/deb_2408_1.nasl
2012-02-21 Name : Ubuntu Update for php5 USN-1358-2
File : nvt/gb_ubuntu_USN_1358_2.nasl
2012-02-13 Name : Ubuntu Update for php5 USN-1358-1
File : nvt/gb_ubuntu_USN_1358_1.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-06 (php)
File : nvt/glsa_201110_06.nasl
2012-02-10 Name : PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows)
File : nvt/gb_php_magic_quotes_gpc_sec_bypass_vuln_win.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2012-01-23 Name : PHP Multiple Denial of Service Vulnerabilities (Windows)
File : nvt/gb_php_mult_dos_vuln_win.nasl
2012-01-20 Name : RedHat Update for php RHSA-2012:0033-01
File : nvt/gb_RHSA-2012_0033-01_php.nasl
2012-01-03 Name : PHP Web Form Hash Collision Denial of Service Vulnerability (Win)
File : nvt/gb_php_web_form_hash_collision_dos_vuln_win.nasl
2011-12-16 Name : Mandriva Update for php-pear MDVSA-2011:187 (php-pear)
File : nvt/gb_mandriva_MDVSA_2011_187.nasl
2011-11-08 Name : Mandriva Update for php MDVSA-2011:165 (php)
File : nvt/gb_mandriva_MDVSA_2011_165.nasl
2011-11-03 Name : RedHat Update for php53 and php RHSA-2011:1423-01
File : nvt/gb_RHSA-2011_1423-01_php53_and_php.nasl
2011-11-03 Name : CentOS Update for php53 CESA-2011:1423 centos5 i386
File : nvt/gb_CESA-2011_1423_php53_centos5_i386.nasl
2011-10-21 Name : Ubuntu Update for php5 USN-1231-1
File : nvt/gb_ubuntu_USN_1231_1.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-09-21 Name : FreeBSD Ports: php5, php5-sockets
File : nvt/freebsd_php513.nasl
2011-09-20 Name : Fedora Update for maniadrive FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_maniadrive_fc15.nasl
2011-09-20 Name : Fedora Update for php-eaccelerator FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl
2011-09-20 Name : Fedora Update for php FEDORA-2011-11528
File : nvt/gb_fedora_2011_11528_php_fc15.nasl
2011-09-20 Name : Fedora Update for maniadrive FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_maniadrive_fc14.nasl
2011-09-20 Name : Fedora Update for php-eaccelerator FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl
2011-09-20 Name : Fedora Update for php FEDORA-2011-11537
File : nvt/gb_fedora_2011_11537_php_fc14.nasl
2011-09-07 Name : PHP Multiple Vulnerabilities (Windows) - Sep 2011
File : nvt/gb_php_mult_vuln_win_sep11.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-1
File : nvt/gb_ubuntu_USN_1126_1.nasl
2011-05-10 Name : Ubuntu Update for php5 USN-1126-2
File : nvt/gb_ubuntu_USN_1126_2.nasl
2011-04-11 Name : Fedora Update for maniadrive FEDORA-2011-3636
File : nvt/gb_fedora_2011_3636_maniadrive_fc14.nasl
2011-04-11 Name : Fedora Update for php-eaccelerator FEDORA-2011-3636
File : nvt/gb_fedora_2011_3636_php-eaccelerator_fc14.nasl
2011-04-11 Name : Fedora Update for php FEDORA-2011-3666
File : nvt/gb_fedora_2011_3666_php_fc13.nasl
2011-04-11 Name : Fedora Update for php-eaccelerator FEDORA-2011-3666
File : nvt/gb_fedora_2011_3666_php-eaccelerator_fc13.nasl
2011-04-11 Name : Fedora Update for maniadrive FEDORA-2011-3666
File : nvt/gb_fedora_2011_3666_maniadrive_fc13.nasl
2011-04-11 Name : Fedora Update for php FEDORA-2011-3636
File : nvt/gb_fedora_2011_3636_php_fc14.nasl
2011-03-25 Name : Mandriva Update for php MDVSA-2011:053 (php)
File : nvt/gb_mandriva_MDVSA_2011_053.nasl
2011-03-25 Name : Mandriva Update for php MDVSA-2011:052 (php)
File : nvt/gb_mandriva_MDVSA_2011_052.nasl
2011-03-22 Name : PHP 'substr_replace()' Use After Free Vulnerability
File : nvt/secpod_php_use_after_free_vuln.nasl
2011-03-09 Name : PHP 'shmop_read()' Remote Integer Overflow Vulnerability
File : nvt/gb_php_46786.nasl
2011-02-01 Name : PHP Zend and GD Multiple Denial of Service Vulnerabilities
File : nvt/gb_php_zend_mult_dos_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78571 PHP tidy_diagnose Function Tidy::diagnose Operation Remote doS

78570 PHP zend_strndup Function Return Value Parsing Remote DoS

75200 PHP *alloc Functions Argument Handling Arbitrary Value Injection Overflow

75083 PEAR Installer Multiple Directory Temporary File Symlink Arbitrary File Overw...

74743 PHP ext/zip/php_zip.c Multiple Function Flag Argument DoS

74739 PHP error_log Function Unspecified DoS

73755 PHP OpenSSL Extension x Function openssl_decrypt Ciphertext Data Memory Leak DoS

73754 PHP OpenSSL Extension openssl_encrypt Function Plaintext Data Memory Leak DoS

73625 PHP Intl Extension NumberFormatter::setSymbol Function Invalid Argument DoS

73624 PHP Streams Component HTTP Proxy FTP Wrapper ftp:// URL DoS

73623 PHP Zip Extension stream_get_contents Function ziparchive Stream Handling DoS

73218 PHP substr_replace Function Repeated Argument Variable Memory Corruption

72531 PHP strval Function Numerical Argument Handling DoS

71598 PHP ext/shmop/shmop.c shmop_read Function Overflow

70607 PHP Zend Engine Multiple Method Object Reference Access Use-after-free DoS

PHP contains a flaw that may allow a context-dependent denial of service. The issue is triggered when a use-after-free error in the Zend engine occurs, allowing a context-dependent attacker to use vectors related to the '__set', '__get', '__isset' and '__unset' methods to cause a denial of service, or possibly have other unspecified impact.

Snort® IPS/IDS

Date Description
2014-01-10 libtidy null pointer dereference attempt
RuleID : 23995 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 zend_strndup null pointer dereference attempt
RuleID : 23994 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10 use-after-free in substr_replace attempt
RuleID : 23793 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 PHP use-after-free in substr_replace attempt
RuleID : 23792 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10 PHP use-after-free in substr_replace attempt
RuleID : 23791 - Revision : 4 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-09.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-7.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_apache2-mod_php5-110601.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-110601.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-182.nasl - Type : ACT_GATHER_INFO
2013-10-03 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1307.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-07.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1045.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0514.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0514.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0514.nasl - Type : ACT_GATHER_INFO
2012-09-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-03.nasl - Type : ACT_GATHER_INFO
2012-09-20 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO
2012-09-20 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_2.nasl - Type : ACT_GATHER_INFO
2012-09-20 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111102_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20111206_php_pear_on_SL6.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120118_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-07-05 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_1_1_1.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1045.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1045.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1481-1.nasl - Type : ACT_GATHER_INFO
2012-05-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-6907.nasl - Type : ACT_GATHER_INFO
2012-05-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-6911.nasl - Type : ACT_GATHER_INFO
2012-05-01 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2cde1892913e11e1b44c001fd0af1a4c.nasl - Type : ACT_GATHER_INFO
2012-04-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-065.nasl - Type : ACT_GATHER_INFO
2012-04-20 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-120309.nasl - Type : ACT_GATHER_INFO
2012-04-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-120309.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-8009.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2408.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1358-2.nasl - Type : ACT_GATHER_INFO
2012-02-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1358-1.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2012-01-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0033.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_9.nasl - Type : ACT_GATHER_INFO
2011-12-16 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-187.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7553.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7393.nasl - Type : ACT_GATHER_INFO
2011-12-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-1741.nasl - Type : ACT_GATHER_INFO
2011-11-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-165.nasl - Type : ACT_GATHER_INFO
2011-11-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2011-11-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1231-1.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-10-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO
2011-09-19 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11528.nasl - Type : ACT_GATHER_INFO
2011-09-19 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11537.nasl - Type : ACT_GATHER_INFO
2011-09-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-11464.nasl - Type : ACT_GATHER_INFO
2011-08-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-237-01.nasl - Type : ACT_GATHER_INFO
2011-08-22 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_7.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_057bf770cac411e0aea300215c6a37bb.nasl - Type : ACT_GATHER_INFO
2011-06-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_php5-7554.nasl - Type : ACT_GATHER_INFO
2011-06-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-110601.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1126-2.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-110309.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-3666.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-3636.nasl - Type : ACT_GATHER_INFO
2011-04-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-110310.nasl - Type : ACT_GATHER_INFO
2011-03-27 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-3614.nasl - Type : ACT_GATHER_INFO
2011-03-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-053.nasl - Type : ACT_GATHER_INFO
2011-03-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-052.nasl - Type : ACT_GATHER_INFO
2011-03-18 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_6.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_3_4.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_15.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:30:49
  • Multiple Updates