Executive Summary
Summary | |
---|---|
Title | New php3 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-669 | First vendor Publication | 2005-02-07 |
Vendor | Debian | Last vendor Modification | 2005-02-07 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2004-0594 The memory_limit functionality allows remote attackers to execute arbitrary code under certain circumstances. CAN-2004-0595 The strip_tags function does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by some web browsers which could lead to cross-site scripting (XSS) vulnerabilities. For the stable distribution (woody) these problems have been fixed in version 3.0.18-23.1woody2. For the unstable distribution (sid) these problems have been fixed in version 3.0.18-27. We recommend that you upgrade your php3 packages. |
Original Source
Url : http://www.debian.org/security/2005/dsa-669 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-6 | Argument Injection |
CAPEC-15 | Command Delimiters |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-27 | Leveraging Race Conditions via Symbolic Links |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-63 | Simple Script Injection |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-73 | User-Controlled Filename |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
CAPEC-163 | Spear Phishing |
CAPEC-247 | Cross-Site Scripting with Masking through Invalid Characters in Identifiers |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10619 | |||
Oval ID: | oval:org.mitre.oval:def:10619 | ||
Title: | The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. | ||
Description: | The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0595 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10896 | |||
Oval ID: | oval:org.mitre.oval:def:10896 | ||
Title: | The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | ||
Description: | The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0594 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-05-05 | Name : HP-UX Update for Apache HPSBUX01064 File : nvt/gb_hp_ux_HPSBUX01064.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-13 (PHP) File : nvt/glsa_200407_13.nasl |
2008-09-04 | Name : php -- strip_tags cross-site scripting vulnerability File : nvt/freebsd_mod_php4-twig2.nasl |
2008-09-04 | Name : php -- memory_limit related vulnerability File : nvt/freebsd_mod_php4-twig3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 531-1 (php4) File : nvt/deb_531_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 669-1 (php3) File : nvt/deb_669_1.nasl |
2005-11-03 | Name : php < 4.3.8 File : nvt/php_strip_tags_memory_limit_vuln.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-202-01 PHP File : nvt/esoft_slk_ssa_2004_202_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
7871 | PHP strip_tags() Function Filter Bypass PHP strip_tags() function contains a flaw that may allow a malicious user to conduct a cross site scripting attack. The issue is triggered when the strip_tags()function fails to strip obfuscated HTML tags. It is possible that the flaw may result in a loss of integrity. |
7870 | PHP memory_limit Function Arbitrary Code Execution The PHP memory_limit function contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is triggered when an attacker is able to trigger the memory_limit abort within the zend_hash_init() function. It is possible that the flaw may allow the attacker to control the heap, resulting in a loss of confidentiality, integrity, and/or availability. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | PHP memory_limit vulnerability exploit attempt RuleID : 16078 - Revision : 6 - Type : SERVER-WEBAPP |
2014-01-10 | PHP strip_tags bypass vulnerability exploit attempt RuleID : 15977 - Revision : 10 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-202-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_dd7aa4f1102f11d98a8a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_edf61c610f0711d98393000103ccf9d6.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-669.nasl - Type : ACT_GATHER_INFO |
2005-01-26 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2005-001.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-531.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200407-13.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-068.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_021.nasl - Type : ACT_GATHER_INFO |
2004-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-222.nasl - Type : ACT_GATHER_INFO |
2004-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-223.nasl - Type : ACT_GATHER_INFO |
2004-07-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-392.nasl - Type : ACT_GATHER_INFO |
2004-07-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-395.nasl - Type : ACT_GATHER_INFO |
2004-07-15 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_strip_tags_memory_limit_vuln.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:33:51 |
|