Executive Summary
Summary | |
---|---|
Title | HP System Management Homepage Running PHP, Remote Denial of Service (DoS), Cross Site Scripting (XSS), Execution of Arbitrary Code |
Informations | |||
---|---|---|---|
Name | HPSBMA01212 SSRT5998 | First vendor Publication | 2005-09-21 |
Vendor | HP | Last vendor Modification | 2010-08-30 |
Severity (Vendor) | N/A | Revision | 4 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerability has been identified with HP System Management Homepage running PHP. These vulnerabilities could be exploited remotely to allow Cross Site Scripting (XSS) , to create a Denial of Service (DoS), or to execute arbitrary code. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034748 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10511 | |||
Oval ID: | oval:org.mitre.oval:def:10511 | ||
Title: | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | ||
Description: | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1019 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015816.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5019075.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5020183.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5020404.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021505.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021688.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-14 (PHP) File : nvt/glsa_200412_14.nasl |
2008-09-04 | Name : php -- multiple vulnerabilities File : nvt/freebsd_mod_php4-twig0.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12602 | PHP exif_read_data Section Name Command Execution |
12600 | PHP addslashes() NULL Byte Bypass PHP contains a flaw that may allow remote attackers to gain access to privileged files. The issue is due to the addslashes function not properly escaping NULL characters. By supplying crafted input, an attacker can use require or include statements to traverse the filesystem and access arbitrary files. |
12415 | PHP unserialize() Function Negative Reference Arbitrary Code Execution PHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the deserialization code not properly sanitizing user-supplied input. This may allow an attacker to pass crafted content to the unserialize function and cause a denial of service or execute arbitrary code. |
12413 | PHP realpath() Truncation Arbitrary File Inclusion PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to PHP truncating the file path before passing it to the realpath function. This may allow an attacker to bypass safe mode restrictions. |
12412 | PHP Multithreaded safe_mode_exec_dir Restriction Bypass PHP contains a flaw related to the safe_mode functionality that may allow a local attacker to execute arbitrary commands. The issue is due to PHP prepending the current directory to the constructed path for any command executed on a multithreaded web server. With the additional path, an attacker can bypass the safe_mode_exec_dir restriction and inject shell commands into the current directory name. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO |
2015-02-20 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-163.nasl - Type : ACT_GATHER_INFO |
2015-01-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-464.nasl - Type : ACT_GATHER_INFO |
2015-01-09 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-463.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-99-2.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-99-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-40-1.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-838.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d47e9d19501611d99b5f0050569f0001.nasl - Type : ACT_GATHER_INFO |
2005-04-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-072.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-032.nasl - Type : ACT_GATHER_INFO |
2005-02-03 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_002.nasl - Type : ACT_GATHER_INFO |
2005-01-26 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd2005-001.nasl - Type : ACT_GATHER_INFO |
2005-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-031.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-567.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-687.nasl - Type : ACT_GATHER_INFO |
2004-12-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-568.nasl - Type : ACT_GATHER_INFO |
2004-12-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-151.nasl - Type : ACT_GATHER_INFO |
2004-12-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200412-14.nasl - Type : ACT_GATHER_INFO |
2004-12-15 | Name : The remote web server uses a version of PHP that is potentially affected by m... File : php45_multiple_flaws.nasl - Type : ACT_GATHER_INFO |