Executive Summary
Summary | |
---|---|
Title | Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS) |
Informations | |||
---|---|---|---|
Name | HPSBTU02232 SSRT071429 | First vendor Publication | 2007-06-25 |
Vendor | HP | Last vendor Modification | 2007-06-25 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). The vulnerabilities could be exploited by remote users to execute arbitrary code, read arbitrary files, or cause a Denial of Service (DoS). |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01086137 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-502 | Deserialization of Untrusted Data |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.2.1 File : nvt/nopsec_php_5_2_1.nasl |
2012-06-21 | Name : PHP version smaller than 5.2.0 File : nvt/nopsec_php_5_2_0.nasl |
2012-06-21 | Name : PHP version smaller than 4.4.5 File : nvt/nopsec_php_4_4_5.nasl |
2010-04-23 | Name : PHP Session Data Deserialization Arbitrary Code Execution Vulnerability File : nvt/gb_php_23120.nasl |
2010-04-23 | Name : PHP PHP_Binary Heap Information Leak Vulnerability File : nvt/gb_php_22805.nasl |
2010-04-21 | Name : PHP Str_Replace() Integer Overflow Vulnerability File : nvt/gb_php_23233.nasl |
2010-04-21 | Name : PHP Printf() Function 64bit Casting Multiple Format String Vulnerabilities File : nvt/gb_php_23219.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5017282.nasl |
2009-10-10 | Name : SLES9: Security update for PHP File : nvt/sles9p5016480.nasl |
2009-04-09 | Name : Mandriva Update for php MDKSA-2007:048 (php) File : nvt/gb_mandriva_MDKSA_2007_048.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-455-1 File : nvt/gb_ubuntu_USN_455_1.nasl |
2009-03-23 | Name : Ubuntu Update for php5 regression USN-424-2 File : nvt/gb_ubuntu_USN_424_2.nasl |
2009-03-23 | Name : Ubuntu Update for php5 vulnerabilities USN-424-1 File : nvt/gb_ubuntu_USN_424_1.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-526 File : nvt/gb_fedora_2007_526_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-261 File : nvt/gb_fedora_2007_261_php_fc6.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-287 File : nvt/gb_fedora_2007_287_php_fc5.nasl |
2009-02-27 | Name : Fedora Update for php FEDORA-2007-455 File : nvt/gb_fedora_2007_455_php_fc5.nasl |
2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:020 File : nvt/gb_suse_2007_020.nasl |
2009-01-28 | Name : SuSE Update for php4,php5 SUSE-SA:2007:032 File : nvt/gb_suse_2007_032.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-21 (php) File : nvt/glsa_200703_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-19 (php) File : nvt/glsa_200705_19.nasl |
2008-09-04 | Name : php -- multiple vulnerabilities File : nvt/freebsd_php5-imap.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1283-1 (php5) File : nvt/deb_1283_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1282-1 (php4) File : nvt/deb_1282_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1264-1 (php4) File : nvt/deb_1264_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-053-01 php File : nvt/esoft_slk_ssa_2007_053_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36206 | PHP readfile() Function Crafted Filename Request Restriction Bypass Arbitrary... |
34767 | PHP php_sprintf_appendstring Function 64 Bit Casting Memory Corruption PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to an integer signedness error in the printf function family as used on 64 bit machines. When a width and precision of -1 is passed to the php_sprintf_appendstring function, it may place an internal buffer at an arbitrary memory location. This may allow an attacker to execute arbitrary code. |
33956 | PHP str_replace() Function Multiple Remote Overflow PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the str_replace function not sanitizing user-supplied input. If an attacker supplies a single character search string in conjunction with a long replacement string, they can trigger an overflow and execute arbitrary code. |
33955 | PHP php_formatted_print Function 64 Bit Casting Memory Corruption PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to an integer signedness error in the printf function family as used on 64 bit machines. When a negative argument number is passed to the php_formatted_print function before a 64 to 32 bit truncation, it may bypass a check for the maximum allowable value causing memory corruption. This may allow an attacker to execute arbitrary code. |
33953 | PHP session.save_path open_basedir Restriction Bypass PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to an empty session save path (session.save_path) using the TMPDIR default after checking security restrictions. This may allow a local uesr to bypass the open_basedir security restriction. |
33945 | PHP _SESSION Deserialization Global Variable Overwrite PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the ability of the deserialization of session data to overwrite arbitrary global variables. This can allow an attacker to execute arbitrary code. |
33944 | PHP _SESSION unset() Hashtable Manipulation Arbitrary Code Execution PHP contains a flaw that may allow context-dependent attackers to gain elevated privileges. The issue is due to the session extension not properly calculating the reference count for session variables. This may allow an attacker to use a crafted string in the session_register function after unsetting global session variables, thus manipulating the session data Hashtable. |
32776 | PHP Session Extension php_binary Heap Information Disclosure The php_binary serialization handler in the PHP session extension is missing a boundary check and may lead to an unauthorized information disclosure. The condition is triggered during the extraction of an overly long php_binary session data format variable name, which will disclose up to 126 bytes of heap data into PHP variables, resulting in a loss of confidentiality. |
32771 | PHP unserialize() ZVAL Reference Counter Remote Overflow PHP contains a flaw that may a context-dependent attacker to elevate privileges. The issue can occur when the unserialize() function is used on an attacker supplied string, which can result in an integer overflow in the refcount variable in _zval_struct through the creation of a large number of references for a specific variable leading to a double destruction of the underlying variable. It is possible that the flaw may allow a remote attacker to execute arbitrary code resulting in a loss of integrity. |
32762 | PHP on 64-bit zend_hash_init Function Remote DoS PHP contains a flaw that may all a context-dependent attacker to deny service. The issue occurs on 64-bit platforms when the zend_hash_init function unserializing certain expressions causing 32-bit arguments to be used after the check for a negative value. This may cause the application to enter an infinite loop and require a restart. |
29603 | PHP ini_restore() Apache httpd.conf Options Bypass PHP contains a flaw that may allow a local user to bypass Apache configuration options. The issue is due to the ini_restore function resetting its value to the php.ini "Master Value" (default). This may allow an attacker to bypass the safe_mode and open_basedir restrictions. |
Snort® IPS/IDS
Date | Description |
---|---|
2015-05-08 | PHP 4 unserialize ZVAL Reference Counter Overflow attempt RuleID : 34027 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL7859.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0155.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2008-03-25 | Name : The remote web server uses a version of PHP that is affected by multiple buff... File : php_5_2_0.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-3290.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-2152.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-362-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-455-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-424-2.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-3289.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-2153.nasl - Type : ACT_GATHER_INFO |
2007-05-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-19.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0082.nasl - Type : ACT_GATHER_INFO |
2007-05-04 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_7_or_5_2_2.nasl - Type : ACT_GATHER_INFO |
2007-04-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1283.nasl - Type : ACT_GATHER_INFO |
2007-04-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1282.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0154.nasl - Type : ACT_GATHER_INFO |
2007-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0155.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_4_4_5.nasl - Type : ACT_GATHER_INFO |
2007-04-02 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_1.nasl - Type : ACT_GATHER_INFO |
2007-03-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-21.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1264.nasl - Type : ACT_GATHER_INFO |
2007-02-27 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-287.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-053-01.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0081.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-048.nasl - Type : ACT_GATHER_INFO |
2007-02-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-261.nasl - Type : ACT_GATHER_INFO |
2007-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0076.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_059.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-185.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7fcf1727be7111dbb2ec000c6ec775d9.nasl - Type : ACT_GATHER_INFO |