Executive Summary
Summary | |
---|---|
Title | HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS) |
Informations | |||
---|---|---|---|
Name | HPSBMA02159 SSRT061238 | First vendor Publication | 2006-11-01 |
Vendor | HP | Last vendor Modification | 2006-11-01 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerabilities have been identified in PHP, an open source software component supplied with HP System Management Homepage (SMH). These vulnerabilities could by exploited remotely resulting in the bypassing of security features, cross site scripting, or Denial of Service (DoS). |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00786522 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10537 | |||
Oval ID: | oval:org.mitre.oval:def:10537 | ||
Title: | The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. | ||
Description: | The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3390 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10542 | |||
Oval ID: | oval:org.mitre.oval:def:10542 | ||
Title: | Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | ||
Description: | Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3388 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11481 | |||
Oval ID: | oval:org.mitre.oval:def:11481 | ||
Title: | The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | ||
Description: | The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3389 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11516 | |||
Oval ID: | oval:org.mitre.oval:def:11516 | ||
Title: | Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. | ||
Description: | Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2491 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1496 | |||
Oval ID: | oval:org.mitre.oval:def:1496 | ||
Title: | Webproxy Integer Overflow in pcre_compile | ||
Description: | Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2491 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1659 | |||
Oval ID: | oval:org.mitre.oval:def:1659 | ||
Title: | VirusVault Integer Overflow in pcre_compile | ||
Description: | Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2491 | Version: | 2 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:735 | |||
Oval ID: | oval:org.mitre.oval:def:735 | ||
Title: | Apache Integer Overflow in pcre_compile.c | ||
Description: | Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2491 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | Apache |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.1.0 File : nvt/nopsec_php_5_1_0.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5021688.nasl |
2009-10-10 | Name : SLES9: Security update for Apache2 File : nvt/sles9p5021652.nasl |
2009-10-10 | Name : SLES9: Security update for pcre File : nvt/sles9p5018284.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5015916.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5014967.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5010771.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-08 (Python) File : nvt/glsa_200509_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200511-08 (PHP) File : nvt/glsa_200511_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-19 (PHP) File : nvt/glsa_200509_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-12 (Apache) File : nvt/glsa_200509_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-02 (Gnumeric) File : nvt/glsa_200509_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200508-17 (libpcre) File : nvt/glsa_200508_17.nasl |
2008-09-04 | Name : FreeBSD Ports: pcre, pcre-utf8 File : nvt/freebsd_pcre.nasl |
2008-09-04 | Name : PHP -- multiple vulnerabilities File : nvt/freebsd_mod_php4-twig4.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1206-1 (php4) File : nvt/deb_1206_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 821-1 (python2.3) File : nvt/deb_821_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 819-1 (python2.1) File : nvt/deb_819_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 817-1 (python2.2) File : nvt/deb_817_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 800-1 (pcre3) File : nvt/deb_800_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-251-04 php5 in Slackware 10.1 File : nvt/esoft_slk_ssa_2005_251_04.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-242-02 PHP File : nvt/esoft_slk_ssa_2005_242_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-242-01 PCRE library File : nvt/esoft_slk_ssa_2005_242_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
21492 | PHP exif_read_data Malformed JPEG DoS |
20898 | PHP Unspecified curl / gd Restriction Bypass PHP contains a flaw in the "ext/curl" and "ext/gd" modules that may allow a malicious user to view sensitive files without authorization. It is possible that the flaw may allow the attacker to bypass the "safe_mode" or "open_basedir" restrictions. This may allow the disclosure of sensitive information, resulting in a loss of confidentiality. |
20897 | PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure PHP, when used as an Apache 2 module, contains an unspecified flaw in the virtual() function that may allow a malicious user to bypass certain configuration directives (e.g. "safe_mode" and "open_basedir"). This may allow the disclosure of sensitive information, resulting in a loss of confidentiality. |
20491 | PHP mod_php apache2handler SAPI Crafted .htaccess DoS The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user places a specially crafted .htaccess file in a root directory while safe mode is active. This will cause a segmentation fault, resulting in loss of availability for the service. |
20408 | PHP File-Upload $GLOBALS Array Overwrite |
20407 | PHP parse_str() memory_limit Request Termination register_globals Manipulation |
20406 | PHP phpinfo() Function Stacked Array Assignment XSS PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input (i.e. crafted URL with a stacked array assignment) passed to the phpinfo() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
18906 | Perl-Compatible Regular Expression (PCRE) Quantifier Value Processing Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | file upload GLOBAL variable overwrite attempt RuleID : 12221 - Revision : 11 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-11-18 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_1_0.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12013.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote version of Apache is affected by multiple vulnerabilities. File : apache_2_0_55.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1206.nasl - Type : ACT_GATHER_INFO |
2006-09-02 | Name : The remote web server contains a PHP script that allows execution of arbitrar... File : e107_globals_overwrite.nasl - Type : ACT_ATTACK |
2006-09-01 | Name : The remote web server contains a PHP application that is affected by a remote... File : joomla_1011_cmd_exec.nasl - Type : ACT_ATTACK |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-358.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-761.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-831.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0197.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b971d2a6167011da978e0001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34163.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34123.nasl - Type : ACT_GATHER_INFO |
2006-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0197.nasl - Type : ACT_GATHER_INFO |
2006-03-02 | Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2006-001.nasl - Type : ACT_GATHER_INFO |
2006-02-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-035.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-232-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-173-4.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-173-2.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-173-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-213.nasl - Type : ACT_GATHER_INFO |
2005-12-20 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_069.nasl - Type : ACT_GATHER_INFO |
2005-11-30 | Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2005-009.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-831.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200511-08.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1062.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1061.nasl - Type : ACT_GATHER_INFO |
2005-11-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-838.nasl - Type : ACT_GATHER_INFO |
2005-11-01 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_1.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_048.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-242-02.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-251-04.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_049.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_051.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-242-01.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-817.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-155.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-154.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-153.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-152.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-151.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-819.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-821.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-19.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-12.nasl - Type : ACT_GATHER_INFO |
2005-09-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-08.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-358.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-761.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-800.nasl - Type : ACT_GATHER_INFO |
2005-09-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-02.nasl - Type : ACT_GATHER_INFO |
2005-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200508-17.nasl - Type : ACT_GATHER_INFO |