7.5 - USN-2276-1

Executive Summary

Summary
Title	PHP vulnerabilities

Informations
Name	USN-2276-1	First vendor Publication	2014-07-09
Vendor	Ubuntu	Last vendor Modification	2014-07-09
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description: - php5: HTML-embedded scripting language interpreter

Details:

Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

Stefan Esser discovered that PHP incorrectly handled unserializing SPL extension objects. An attacker could use this issue to execute arbitrary code. (CVE-2014-3515)

It was discovered that PHP incorrectly handled certain SPL Iterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4670)

It was discovered that PHP incorrectly handled certain ArrayIterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4698)

Stefan Esser discovered that PHP incorrectly handled variable types when calling phpinfo(). An attacker could use this issue to possibly gain access to arbitrary memory, possibly containing sensitive information. (CVE-2014-4721)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.3
php5-cgi 5.5.9+dfsg-1ubuntu4.3
php5-cli 5.5.9+dfsg-1ubuntu4.3
php5-fpm 5.5.9+dfsg-1ubuntu4.3

Ubuntu 13.10:
libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.6
php5-cgi 5.5.3+dfsg-1ubuntu2.6
php5-cli 5.5.3+dfsg-1ubuntu2.6
php5-fpm 5.5.3+dfsg-1ubuntu2.6

Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.13
php5-cgi 5.3.10-1ubuntu3.13
php5-cli 5.3.10-1ubuntu3.13
php5-fpm 5.3.10-1ubuntu3.13

Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.26
php5-cgi 5.3.2-1ubuntu4.26
php5-cli 5.3.2-1ubuntu4.26

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2276-1
CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487, CVE-2014-3515, CVE-2014-4670, CVE-2014-4698,
CVE-2014-4721

Package Information:
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.3
https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.6
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.13
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.26

Original Source

Url : http://www.ubuntu.com/usn/USN-2276-1

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
25 %	CWE-200	Information Exposure
25 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24837

Oval ID:	oval:org.mitre.oval:def:24837
Title:	DSA-2974-1 -- php5 - security update
Description:	Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family:	unix	Class:	patch
Reference(s):	DSA-2974-1 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-4721	Version:	5
Platform(s):	Debian GNU/Linux 7 Debian GNU/kFreeBSD 7	Product(s):	php5
Definition Synopsis:
Debian 7 Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND php5 DPKG is earlier than 0:5.4.4-14+deb7u12

Definition Id: oval:org.mitre.oval:def:25226

Oval ID:	oval:org.mitre.oval:def:25226
Title:	USN-2276-1 -- php5 vulnerabilities
Description:	Several security issues were fixed in PHP.
Family:	unix	Class:	patch
Reference(s):	USN-2276-1 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.04 Ubuntu 10.04	Product(s):	php5
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.3 AND php5-cgi DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.3 AND php5-cli DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.3 AND php5-fpm DPKG is earlier than 0:5.5.9+dfsg-1ubuntu4.3 AND Ubuntu 13.10 release section Ubuntu 13.10 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 0:5.5.3+dfsg-1ubuntu2.6 AND php5-cgi DPKG is earlier than 0:5.5.3+dfsg-1ubuntu2.6 AND php5-cli DPKG is earlier than 0:5.5.3+dfsg-1ubuntu2.6 AND php5-fpm DPKG is earlier than 0:5.5.3+dfsg-1ubuntu2.6 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 0:5.3.10-1ubuntu3.13 AND php5-cgi DPKG is earlier than 0:5.3.10-1ubuntu3.13 AND php5-cli DPKG is earlier than 0:5.3.10-1ubuntu3.13 AND php5-fpm DPKG is earlier than 0:5.3.10-1ubuntu3.13 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed Packages match section libapache2-mod-php5 DPKG is earlier than 0:5.3.2-1ubuntu4.26 AND php5-cgi DPKG is earlier than 0:5.3.2-1ubuntu4.26 AND php5-cli DPKG is earlier than 0:5.3.2-1ubuntu4.26

Definition Id: oval:org.mitre.oval:def:25721

Oval ID:	oval:org.mitre.oval:def:25721
Title:	SUSE-SU-2014:0938-1 -- Security update for PHP 5.3
Description:	PHP 5.3 has been updated to fix several security problems.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0938-1 CVE-2014-3515 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	PHP 5.3
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section apache2-mod_php53 RPM is earlier than 0:5.3.17-0.27.1 AND php53 RPM is earlier than 0:5.3.17-0.27.1 AND php53-bcmath RPM is earlier than 0:5.3.17-0.27.1 AND php53-bz2 RPM is earlier than 0:5.3.17-0.27.1 AND php53-calendar RPM is earlier than 0:5.3.17-0.27.1 AND php53-ctype RPM is earlier than 0:5.3.17-0.27.1 AND php53-curl RPM is earlier than 0:5.3.17-0.27.1 AND php53-dba RPM is earlier than 0:5.3.17-0.27.1 AND php53-dom RPM is earlier than 0:5.3.17-0.27.1 AND php53-exif RPM is earlier than 0:5.3.17-0.27.1 AND php53-fastcgi RPM is earlier than 0:5.3.17-0.27.1 AND php53-fileinfo RPM is earlier than 0:5.3.17-0.27.1 AND php53-ftp RPM is earlier than 0:5.3.17-0.27.1 AND php53-gd RPM is earlier than 0:5.3.17-0.27.1 AND php53-gettext RPM is earlier than 0:5.3.17-0.27.1 AND php53-gmp RPM is earlier than 0:5.3.17-0.27.1 AND php53-iconv RPM is earlier than 0:5.3.17-0.27.1 AND php53-intl RPM is earlier than 0:5.3.17-0.27.1 AND php53-json RPM is earlier than 0:5.3.17-0.27.1 AND php53-ldap RPM is earlier than 0:5.3.17-0.27.1 AND php53-mbstring RPM is earlier than 0:5.3.17-0.27.1 AND php53-mcrypt RPM is earlier than 0:5.3.17-0.27.1 AND php53-mysql RPM is earlier than 0:5.3.17-0.27.1 AND php53-odbc RPM is earlier than 0:5.3.17-0.27.1 AND php53-openssl RPM is earlier than 0:5.3.17-0.27.1 AND php53-pcntl RPM is earlier than 0:5.3.17-0.27.1 AND php53-pdo RPM is earlier than 0:5.3.17-0.27.1 AND php53-pear RPM is earlier than 0:5.3.17-0.27.1 AND php53-pgsql RPM is earlier than 0:5.3.17-0.27.1 AND php53-pspell RPM is earlier than 0:5.3.17-0.27.1 AND php53-shmop RPM is earlier than 0:5.3.17-0.27.1 AND php53-snmp RPM is earlier than 0:5.3.17-0.27.1 AND php53-soap RPM is earlier than 0:5.3.17-0.27.1 AND php53-suhosin RPM is earlier than 0:5.3.17-0.27.1 AND php53-sysvmsg RPM is earlier than 0:5.3.17-0.27.1 AND php53-sysvsem RPM is earlier than 0:5.3.17-0.27.1 AND php53-sysvshm RPM is earlier than 0:5.3.17-0.27.1 AND php53-tokenizer RPM is earlier than 0:5.3.17-0.27.1 AND php53-wddx RPM is earlier than 0:5.3.17-0.27.1 AND php53-xmlreader RPM is earlier than 0:5.3.17-0.27.1 AND php53-xmlrpc RPM is earlier than 0:5.3.17-0.27.1 AND php53-xmlwriter RPM is earlier than 0:5.3.17-0.27.1 AND php53-xsl RPM is earlier than 0:5.3.17-0.27.1 AND php53-zip RPM is earlier than 0:5.3.17-0.27.1 AND php53-zlib RPM is earlier than 0:5.3.17-0.27.1

Definition Id: oval:org.mitre.oval:def:26314

Oval ID:	oval:org.mitre.oval:def:26314
Title:	RHSA-2014:1012: php53 and php security update (Moderate)
Description:	PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues were discovered by Francisco Alonso of Red Hat Product Security. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1012-00 CESA-2014:1012 CVE-2012-1571 CVE-2013-6712 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3479 CVE-2014-3480 CVE-2014-3515 CVE-2014-4049 CVE-2014-4721	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6	Product(s):	php53 php
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section php53 is earlier than 0:5.3.3-23.el5_10 AND php53-bcmath is earlier than 0:5.3.3-23.el5_10 AND php53-cli is earlier than 0:5.3.3-23.el5_10 AND php53-common is earlier than 0:5.3.3-23.el5_10 AND php53-dba is earlier than 0:5.3.3-23.el5_10 AND php53-devel is earlier than 0:5.3.3-23.el5_10 AND php53-gd is earlier than 0:5.3.3-23.el5_10 AND php53-imap is earlier than 0:5.3.3-23.el5_10 AND php53-intl is earlier than 0:5.3.3-23.el5_10 AND php53-ldap is earlier than 0:5.3.3-23.el5_10 AND php53-mbstring is earlier than 0:5.3.3-23.el5_10 AND php53-mysql is earlier than 0:5.3.3-23.el5_10 AND php53-odbc is earlier than 0:5.3.3-23.el5_10 AND php53-pdo is earlier than 0:5.3.3-23.el5_10 AND php53-pgsql is earlier than 0:5.3.3-23.el5_10 AND php53-process is earlier than 0:5.3.3-23.el5_10 AND php53-pspell is earlier than 0:5.3.3-23.el5_10 AND php53-snmp is earlier than 0:5.3.3-23.el5_10 AND php53-soap is earlier than 0:5.3.3-23.el5_10 AND php53-xml is earlier than 0:5.3.3-23.el5_10 AND php53-xmlrpc is earlier than 0:5.3.3-23.el5_10 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section php is earlier than 0:5.3.3-27.el6_5.1 AND php-bcmath is earlier than 0:5.3.3-27.el6_5.1 AND php-cli is earlier than 0:5.3.3-27.el6_5.1 AND php-common is earlier than 0:5.3.3-27.el6_5.1 AND php-dba is earlier than 0:5.3.3-27.el6_5.1 AND php-devel is earlier than 0:5.3.3-27.el6_5.1 AND php-embedded is earlier than 0:5.3.3-27.el6_5.1 AND php-enchant is earlier than 0:5.3.3-27.el6_5.1 AND php-fpm is earlier than 0:5.3.3-27.el6_5.1 AND php-gd is earlier than 0:5.3.3-27.el6_5.1 AND php-imap is earlier than 0:5.3.3-27.el6_5.1 AND php-intl is earlier than 0:5.3.3-27.el6_5.1 AND php-ldap is earlier than 0:5.3.3-27.el6_5.1 AND php-mbstring is earlier than 0:5.3.3-27.el6_5.1 AND php-mysql is earlier than 0:5.3.3-27.el6_5.1 AND php-odbc is earlier than 0:5.3.3-27.el6_5.1 AND php-pdo is earlier than 0:5.3.3-27.el6_5.1 AND php-pgsql is earlier than 0:5.3.3-27.el6_5.1 AND php-process is earlier than 0:5.3.3-27.el6_5.1 AND php-pspell is earlier than 0:5.3.3-27.el6_5.1 AND php-recode is earlier than 0:5.3.3-27.el6_5.1 AND php-snmp is earlier than 0:5.3.3-27.el6_5.1 AND php-soap is earlier than 0:5.3.3-27.el6_5.1 AND php-tidy is earlier than 0:5.3.3-27.el6_5.1 AND php-xml is earlier than 0:5.3.3-27.el6_5.1 AND php-xmlrpc is earlier than 0:5.3.3-27.el6_5.1 AND php-zts is earlier than 0:5.3.3-27.el6_5.1

Definition Id: oval:org.mitre.oval:def:26421

Oval ID:	oval:org.mitre.oval:def:26421
Title:	RHSA-2014:1013: php security update (Moderate)
Description:	PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2013-7345) Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1013-00 CESA-2014:1013 CVE-2013-7345 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-4049 CVE-2014-4721	Version:	3
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	php
Definition Synopsis:
Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section php is earlier than 0:5.4.16-23.el7_0 AND php-bcmath is earlier than 0:5.4.16-23.el7_0 AND php-cli is earlier than 0:5.4.16-23.el7_0 AND php-common is earlier than 0:5.4.16-23.el7_0 AND php-dba is earlier than 0:5.4.16-23.el7_0 AND php-devel is earlier than 0:5.4.16-23.el7_0 AND php-embedded is earlier than 0:5.4.16-23.el7_0 AND php-enchant is earlier than 0:5.4.16-23.el7_0 AND php-fpm is earlier than 0:5.4.16-23.el7_0 AND php-gd is earlier than 0:5.4.16-23.el7_0 AND php-intl is earlier than 0:5.4.16-23.el7_0 AND php-ldap is earlier than 0:5.4.16-23.el7_0 AND php-mbstring is earlier than 0:5.4.16-23.el7_0 AND php-mysql is earlier than 0:5.4.16-23.el7_0 AND php-mysqlnd is earlier than 0:5.4.16-23.el7_0 AND php-odbc is earlier than 0:5.4.16-23.el7_0 AND php-pdo is earlier than 0:5.4.16-23.el7_0 AND php-pgsql is earlier than 0:5.4.16-23.el7_0 AND php-process is earlier than 0:5.4.16-23.el7_0 AND php-pspell is earlier than 0:5.4.16-23.el7_0 AND php-recode is earlier than 0:5.4.16-23.el7_0 AND php-snmp is earlier than 0:5.4.16-23.el7_0 AND php-soap is earlier than 0:5.4.16-23.el7_0 AND php-xml is earlier than 0:5.4.16-23.el7_0 AND php-xmlrpc is earlier than 0:5.4.16-23.el7_0

Definition Id: oval:org.mitre.oval:def:26721

Oval ID:	oval:org.mitre.oval:def:26721
Title:	ELSA-2014-1013 -- php security update (moderate)
Description:	[5.4.16-23] - fileinfo: cdf_unpack_summary_info() excessive looping DoS. CVE-2014-0237 - fileinfo: CDF property info parsing nelements infinite loop. CVE-2014-0238 - fileinfo: cdf_check_stream_offset insufficient boundary check. CVE-2014-3479 - fileinfo: cdf_count_chain insufficient boundary check CVE-2014-3480 - fileinfo: cdf_read_short_sector insufficient boundary check. CVE-2014-0207 - fileinfo: cdf_read_property_info insufficient boundary check. CVE-2014-3487 - fileinfo: fix extensive backtracking CVE-2013-7345 - core: type confusion issue in phpinfo(). CVE-2014-4721 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw. CVE-2014-3515
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1013 CVE-2013-7345 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-4049 CVE-2014-4721	Version:	3
Platform(s):	Oracle Linux 7	Product(s):	php
Definition Synopsis:
Oracle Linux 7.x Packages match section php is earlier than 0:5.4.16-23.el7_0 AND php-bcmath is earlier than 0:5.4.16-23.el7_0 AND php-cli is earlier than 0:5.4.16-23.el7_0 AND php-common is earlier than 0:5.4.16-23.el7_0 AND php-dba is earlier than 0:5.4.16-23.el7_0 AND php-devel is earlier than 0:5.4.16-23.el7_0 AND php-embedded is earlier than 0:5.4.16-23.el7_0 AND php-enchant is earlier than 0:5.4.16-23.el7_0 AND php-fpm is earlier than 0:5.4.16-23.el7_0 AND php-gd is earlier than 0:5.4.16-23.el7_0 AND php-intl is earlier than 0:5.4.16-23.el7_0 AND php-ldap is earlier than 0:5.4.16-23.el7_0 AND php-mbstring is earlier than 0:5.4.16-23.el7_0 AND php-mysql is earlier than 0:5.4.16-23.el7_0 AND php-mysqlnd is earlier than 0:5.4.16-23.el7_0 AND php-odbc is earlier than 0:5.4.16-23.el7_0 AND php-pdo is earlier than 0:5.4.16-23.el7_0 AND php-pgsql is earlier than 0:5.4.16-23.el7_0 AND php-process is earlier than 0:5.4.16-23.el7_0 AND php-pspell is earlier than 0:5.4.16-23.el7_0 AND php-recode is earlier than 0:5.4.16-23.el7_0 AND php-snmp is earlier than 0:5.4.16-23.el7_0 AND php-soap is earlier than 0:5.4.16-23.el7_0 AND php-xml is earlier than 0:5.4.16-23.el7_0 AND php-xmlrpc is earlier than 0:5.4.16-23.el7_0

Definition Id: oval:org.mitre.oval:def:27101

Oval ID:	oval:org.mitre.oval:def:27101
Title:	RHSA-2014:1606: file security and bug fix update (Moderate)
Description:	The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way file handled indirect and search rules. A remote attacker could use either of these flaws to cause file, or an application using file, to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) This update also fixes the following bugs: * Previously, the output of the "file" command contained redundant white spaces. With this update, the new STRING_TRIM flag has been introduced to remove the unnecessary white spaces. (BZ#664513) * Due to a bug, the "file" command could incorrectly identify an XML document as a LaTex document. The underlying source code has been modified to fix this bug and the command now works as expected. (BZ#849621) * Previously, the "file" command could not recognize .JPG files and incorrectly labeled them as "Minix filesystem". This bug has been fixed and the command now properly detects .JPG files. (BZ#873997) * Under certain circumstances, the "file" command incorrectly detected NETpbm files as "x86 boot sector". This update applies a patch to fix this bug and the command now detects NETpbm files as expected. (BZ#884396) * Previously, the "file" command incorrectly identified ASCII text files as a .PIC image file. With this update, a patch has been provided to address this bug and the command now correctly recognizes ASCII text files. (BZ#980941) * On 32-bit PowerPC systems, the "from" field was missing from the output of the "file" command. The underlying source code has been modified to fix this bug and "file" output now contains the "from" field as expected. (BZ#1037279) * The "file" command incorrectly detected text files as "RRDTool DB version ool - Round Robin Database Tool". This update applies a patch to fix this bug and the command now correctly detects text files. (BZ#1064463) * Previously, the "file" command supported only version 1 and 2 of the QCOW format. As a consequence, file was unable to detect a "qcow2 compat=1.1" file created on Red Hat Enterprise Linux 7. With this update, support for QCOW version 3 has been added so that the command now detects such files as expected. (BZ#1067771) All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1606-01 CVE-2012-1571 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3479 CVE-2014-3480 CESA-2014:1606	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	file
Definition Synopsis:
Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section file is earlier than 0:5.04-21.el6 AND file-devel is earlier than 0:5.04-21.el6 AND file-libs is earlier than 0:5.04-21.el6 AND file-static is earlier than 0:5.04-21.el6 AND python-magic is earlier than 0:5.04-21.el6 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND file-debuginfo is earlier than 0:5.04-21.el6

Definition Id: oval:org.mitre.oval:def:27171

Oval ID:	oval:org.mitre.oval:def:27171
Title:	RHSA-2014:1326: php53 and php security update (Moderate)
Description:	PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3597 issue was discovered by David KutГЎlek of the Red Hat BaseOS QE. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1326-00 CESA-2014:1326 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 CVE-2014-4698	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6	Product(s):	php53 php
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section php is earlier than 0:5.3.3-27.el6_5.2 AND php-bcmath is earlier than 0:5.3.3-27.el6_5.2 AND php-cli is earlier than 0:5.3.3-27.el6_5.2 AND php-common is earlier than 0:5.3.3-27.el6_5.2 AND php-dba is earlier than 0:5.3.3-27.el6_5.2 AND php-devel is earlier than 0:5.3.3-27.el6_5.2 AND php-embedded is earlier than 0:5.3.3-27.el6_5.2 AND php-enchant is earlier than 0:5.3.3-27.el6_5.2 AND php-fpm is earlier than 0:5.3.3-27.el6_5.2 AND php-gd is earlier than 0:5.3.3-27.el6_5.2 AND php-imap is earlier than 0:5.3.3-27.el6_5.2 AND php-intl is earlier than 0:5.3.3-27.el6_5.2 AND php-ldap is earlier than 0:5.3.3-27.el6_5.2 AND php-mbstring is earlier than 0:5.3.3-27.el6_5.2 AND php-mysql is earlier than 0:5.3.3-27.el6_5.2 AND php-odbc is earlier than 0:5.3.3-27.el6_5.2 AND php-pdo is earlier than 0:5.3.3-27.el6_5.2 AND php-pgsql is earlier than 0:5.3.3-27.el6_5.2 AND php-process is earlier than 0:5.3.3-27.el6_5.2 AND php-pspell is earlier than 0:5.3.3-27.el6_5.2 AND php-recode is earlier than 0:5.3.3-27.el6_5.2 AND php-snmp is earlier than 0:5.3.3-27.el6_5.2 AND php-soap is earlier than 0:5.3.3-27.el6_5.2 AND php-tidy is earlier than 0:5.3.3-27.el6_5.2 AND php-xml is earlier than 0:5.3.3-27.el6_5.2 AND php-xmlrpc is earlier than 0:5.3.3-27.el6_5.2 AND php-zts is earlier than 0:5.3.3-27.el6_5.2 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section php53 is earlier than 0:5.3.3-24.el5 AND php53-bcmath is earlier than 0:5.3.3-24.el5 AND php53-cli is earlier than 0:5.3.3-24.el5 AND php53-common is earlier than 0:5.3.3-24.el5 AND php53-dba is earlier than 0:5.3.3-24.el5 AND php53-devel is earlier than 0:5.3.3-24.el5 AND php53-gd is earlier than 0:5.3.3-24.el5 AND php53-imap is earlier than 0:5.3.3-24.el5 AND php53-intl is earlier than 0:5.3.3-24.el5 AND php53-ldap is earlier than 0:5.3.3-24.el5 AND php53-mbstring is earlier than 0:5.3.3-24.el5 AND php53-mysql is earlier than 0:5.3.3-24.el5 AND php53-odbc is earlier than 0:5.3.3-24.el5 AND php53-pdo is earlier than 0:5.3.3-24.el5 AND php53-pgsql is earlier than 0:5.3.3-24.el5 AND php53-process is earlier than 0:5.3.3-24.el5 AND php53-pspell is earlier than 0:5.3.3-24.el5 AND php53-snmp is earlier than 0:5.3.3-24.el5 AND php53-soap is earlier than 0:5.3.3-24.el5 AND php53-xml is earlier than 0:5.3.3-24.el5 AND php53-xmlrpc is earlier than 0:5.3.3-24.el5

Definition Id: oval:org.mitre.oval:def:27280

Oval ID:	oval:org.mitre.oval:def:27280
Title:	ELSA-2014-1326 -- php53 and php security update (moderate)
Description:	[5.3.3-27.2] - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - fileinfo: fix incomplete fix for CVE-2012-1571 in cdf_read_property_info. CVE-2014-3587 - core: fix incomplete fix for CVE-2014-4049 DNS TXT record parsing. CVE-2014-3597
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1326 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 CVE-2014-4698	Version:	3
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	php53 php
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section php53 is earlier than 0:5.3.3-24.el5 AND php53-bcmath is earlier than 0:5.3.3-24.el5 AND php53-cli is earlier than 0:5.3.3-24.el5 AND php53-common is earlier than 0:5.3.3-24.el5 AND php53-dba is earlier than 0:5.3.3-24.el5 AND php53-devel is earlier than 0:5.3.3-24.el5 AND php53-gd is earlier than 0:5.3.3-24.el5 AND php53-imap is earlier than 0:5.3.3-24.el5 AND php53-intl is earlier than 0:5.3.3-24.el5 AND php53-ldap is earlier than 0:5.3.3-24.el5 AND php53-mbstring is earlier than 0:5.3.3-24.el5 AND php53-mysql is earlier than 0:5.3.3-24.el5 AND php53-odbc is earlier than 0:5.3.3-24.el5 AND php53-pdo is earlier than 0:5.3.3-24.el5 AND php53-pgsql is earlier than 0:5.3.3-24.el5 AND php53-process is earlier than 0:5.3.3-24.el5 AND php53-pspell is earlier than 0:5.3.3-24.el5 AND php53-snmp is earlier than 0:5.3.3-24.el5 AND php53-soap is earlier than 0:5.3.3-24.el5 AND php53-xml is earlier than 0:5.3.3-24.el5 AND php53-xmlrpc is earlier than 0:5.3.3-24.el5 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section php is earlier than 0:5.3.3-27.el6_5.2 AND php-bcmath is earlier than 0:5.3.3-27.el6_5.2 AND php-cli is earlier than 0:5.3.3-27.el6_5.2 AND php-common is earlier than 0:5.3.3-27.el6_5.2 AND php-dba is earlier than 0:5.3.3-27.el6_5.2 AND php-devel is earlier than 0:5.3.3-27.el6_5.2 AND php-embedded is earlier than 0:5.3.3-27.el6_5.2 AND php-enchant is earlier than 0:5.3.3-27.el6_5.2 AND php-fpm is earlier than 0:5.3.3-27.el6_5.2 AND php-gd is earlier than 0:5.3.3-27.el6_5.2 AND php-imap is earlier than 0:5.3.3-27.el6_5.2 AND php-intl is earlier than 0:5.3.3-27.el6_5.2 AND php-ldap is earlier than 0:5.3.3-27.el6_5.2 AND php-mbstring is earlier than 0:5.3.3-27.el6_5.2 AND php-mysql is earlier than 0:5.3.3-27.el6_5.2 AND php-odbc is earlier than 0:5.3.3-27.el6_5.2 AND php-pdo is earlier than 0:5.3.3-27.el6_5.2 AND php-pgsql is earlier than 0:5.3.3-27.el6_5.2 AND php-process is earlier than 0:5.3.3-27.el6_5.2 AND php-pspell is earlier than 0:5.3.3-27.el6_5.2 AND php-recode is earlier than 0:5.3.3-27.el6_5.2 AND php-snmp is earlier than 0:5.3.3-27.el6_5.2 AND php-soap is earlier than 0:5.3.3-27.el6_5.2 AND php-tidy is earlier than 0:5.3.3-27.el6_5.2 AND php-xml is earlier than 0:5.3.3-27.el6_5.2 AND php-xmlrpc is earlier than 0:5.3.3-27.el6_5.2 AND php-zts is earlier than 0:5.3.3-27.el6_5.2

Definition Id: oval:org.mitre.oval:def:28064

Oval ID:	oval:org.mitre.oval:def:28064
Title:	DSA-3008-2 -- php5 regression update
Description:	Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Family:	unix	Class:	patch
Reference(s):	DSA-3008-2 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	php5
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND php5 is earlier than 0:5.4.4-14+deb7u13

CPE : Common Platform Enumeration

Type	Description	Count
Application	Christos Zoulas File cpe:2.3:a:christos_zoulas:file:5.18:::::::* cpe:2.3:a:christos_zoulas:file:5.17:::::::* cpe:2.3:a:christos_zoulas:file:5.16:::::::* cpe:2.3:a:christos_zoulas:file:5.15:::::::* cpe:2.3:a:christos_zoulas:file:5.14:::::::* cpe:2.3:a:christos_zoulas:file:5.13:::::::* cpe:2.3:a:christos_zoulas:file:5.12:::::::* cpe:2.3:a:christos_zoulas:file:5.11:::::::* cpe:2.3:a:christos_zoulas:file:5.10:::::::* cpe:2.3:a:christos_zoulas:file:5.09:::::::* cpe:2.3:a:christos_zoulas:file:5.08:::::::* cpe:2.3:a:christos_zoulas:file:5.07:::::::* cpe:2.3:a:christos_zoulas:file:5.06:::::::* cpe:2.3:a:christos_zoulas:file:5.05:::::::* cpe:2.3:a:christos_zoulas:file:5.04:::::::* cpe:2.3:a:christos_zoulas:file:5.03:::::::* cpe:2.3:a:christos_zoulas:file:5.02:::::::* cpe:2.3:a:christos_zoulas:file:5.01:::::::* cpe:2.3:a:christos_zoulas:file:5.00:::::::* cpe:2.3:a:christos_zoulas:file:4.26:::::::* cpe:2.3:a:christos_zoulas:file:4.25:::::::* cpe:2.3:a:christos_zoulas:file:4.24:::::::* cpe:2.3:a:christos_zoulas:file:4.23:::::::* cpe:2.3:a:christos_zoulas:file:4.21:::::::* cpe:2.3:a:christos_zoulas:file:4.20:::::::* cpe:2.3:a:christos_zoulas:file:4.19:::::::* cpe:2.3:a:christos_zoulas:file:4.17:::::::* cpe:2.3:a:christos_zoulas:file:4.16:::::::* cpe:2.3:a:christos_zoulas:file:4.15:::::::* cpe:2.3:a:christos_zoulas:file:4.14:::::::* cpe:2.3:a:christos_zoulas:file:4.13:::::::* cpe:2.3:a:christos_zoulas:file:4.12:::::::* cpe:2.3:a:christos_zoulas:file:4.11:::::::* cpe:2.3:a:christos_zoulas:file:4.09:::::::* cpe:2.3:a:christos_zoulas:file:4.08:::::::* cpe:2.3:a:christos_zoulas:file:4.07:::::::* cpe:2.3:a:christos_zoulas:file:4.06:::::::* cpe:2.3:a:christos_zoulas:file:4.04:::::::* cpe:2.3:a:christos_zoulas:file:4.03:::::::* cpe:2.3:a:christos_zoulas:file:4.02:::::::* cpe:2.3:a:christos_zoulas:file:4.01:::::::* cpe:2.3:a:christos_zoulas:file:3.41:::::::* cpe:2.3:a:christos_zoulas:file:3.40:::::::* cpe:2.3:a:christos_zoulas:file:3.39:::::::* cpe:2.3:a:christos_zoulas:file:3.38:::::::* cpe:2.3:a:christos_zoulas:file:3.37:::::::* cpe:2.3:a:christos_zoulas:file:3.36:::::::* cpe:2.3:a:christos_zoulas:file:3.34:::::::* cpe:2.3:a:christos_zoulas:file:3.33:::::::* cpe:2.3:a:christos_zoulas:file:3.32:::::::* cpe:2.3:a:christos_zoulas:file:3.31:::::::* cpe:2.3:a:christos_zoulas:file:3.30:::::::* cpe:2.3:a:christos_zoulas:file::::::::	53
Application	File Project File cpe:2.3:a:file_project:file:5.18:::::::* cpe:2.3:a:file_project:file:5.17:::::::* cpe:2.3:a:file_project:file:5.16:::::::* cpe:2.3:a:file_project:file:5.15:::::::* cpe:2.3:a:file_project:file:5.14:::::::* cpe:2.3:a:file_project:file:5.13:::::::* cpe:2.3:a:file_project:file:5.12:::::::* cpe:2.3:a:file_project:file:5.11:::::::* cpe:2.3:a:file_project:file:5.10:::::::* cpe:2.3:a:file_project:file:5.09:::::::* cpe:2.3:a:file_project:file:5.08:::::::* cpe:2.3:a:file_project:file::::::::	12
Application	Php cpe:2.3:a:php:php:5.5.9:-:::::: cpe:2.3:a:php:php:5.5.9:rc1:::::: cpe:2.3:a:php:php:5.5.8:-:::::: cpe:2.3:a:php:php:5.5.8:rc1:::::: cpe:2.3:a:php:php:5.5.7:-:::::: cpe:2.3:a:php:php:5.5.7:rc1:::::: cpe:2.3:a:php:php:5.5.6:-:::::: cpe:2.3:a:php:php:5.5.6:rc1:::::: cpe:2.3:a:php:php:5.5.5:-:::::: cpe:2.3:a:php:php:5.5.5:rc1:::::: cpe:2.3:a:php:php:5.5.4:-:::::: cpe:2.3:a:php:php:5.5.4:rc1:::::: cpe:2.3:a:php:php:5.5.3:::::::* cpe:2.3:a:php:php:5.5.2:-:::::: cpe:2.3:a:php:php:5.5.2:rc1:::::: cpe:2.3:a:php:php:5.5.14:-:::::: cpe:2.3:a:php:php:5.5.14:rc1:::::: cpe:2.3:a:php:php:5.5.13:-:::::: cpe:2.3:a:php:php:5.5.13:rc1:::::: cpe:2.3:a:php:php:5.5.12:-:::::: cpe:2.3:a:php:php:5.5.12:rc1:::::: cpe:2.3:a:php:php:5.5.11:-:::::: cpe:2.3:a:php:php:5.5.11:rc1:::::: cpe:2.3:a:php:php:5.5.10:-:::::: cpe:2.3:a:php:php:5.5.10:rc1:::::: cpe:2.3:a:php:php:5.5.1:::::::* cpe:2.3:a:php:php:5.5.0:alpha1:::::: cpe:2.3:a:php:php:5.5.0:beta4:::::: cpe:2.3:a:php:php:5.5.0:alpha6:::::: cpe:2.3:a:php:php:5.5.0:alpha2:::::: cpe:2.3:a:php:php:5.5.0:alpha5:::::: cpe:2.3:a:php:php:5.5.0:beta3:::::: cpe:2.3:a:php:php:5.5.0:beta2:::::: cpe:2.3:a:php:php:5.5.0:rc1:::::: cpe:2.3:a:php:php:5.5.0:alpha4:::::: cpe:2.3:a:php:php:5.5.0:beta1:::::: cpe:2.3:a:php:php:5.5.0:alpha3:::::: cpe:2.3:a:php:php:5.5.0:rc2:::::: cpe:2.3:a:php:php:5.5.0:-:::::: cpe:2.3:a:php:php:5.5.0:rc3:::::: cpe:2.3:a:php:php:5.4.9:-:::::: cpe:2.3:a:php:php:5.4.9:rc1:::::: cpe:2.3:a:php:php:5.4.8:-:::::: cpe:2.3:a:php:php:5.4.8:rc1:::::: cpe:2.3:a:php:php:5.4.7:-:::::: cpe:2.3:a:php:php:5.4.7:rc1:::::: cpe:2.3:a:php:php:5.4.6:-:::::: cpe:2.3:a:php:php:5.4.6:rc1:::::: cpe:2.3:a:php:php:5.4.5:-:::::: cpe:2.3:a:php:php:5.4.5:rc1:::::: cpe:2.3:a:php:php:5.4.45:::::::* cpe:2.3:a:php:php:5.4.44:::::::* cpe:2.3:a:php:php:5.4.43:::::::* cpe:2.3:a:php:php:5.4.42:::::::* cpe:2.3:a:php:php:5.4.41:::::::* cpe:2.3:a:php:php:5.4.40:::::::* cpe:2.3:a:php:php:5.4.4:-:::::: cpe:2.3:a:php:php:5.4.4:rc1:::::: cpe:2.3:a:php:php:5.4.4:rc2:::::: cpe:2.3:a:php:php:5.4.39:::::::* cpe:2.3:a:php:php:5.4.38:::::::* cpe:2.3:a:php:php:5.4.37:::::::* cpe:2.3:a:php:php:5.4.36:::::::* cpe:2.3:a:php:php:5.4.35:::::::* cpe:2.3:a:php:php:5.4.34:::::::* cpe:2.3:a:php:php:5.4.33:-:::::: cpe:2.3:a:php:php:5.4.33:rc1:::::: cpe:2.3:a:php:php:5.4.32:-:::::: cpe:2.3:a:php:php:5.4.32:rc1:::::: cpe:2.3:a:php:php:5.4.31:-:::::: cpe:2.3:a:php:php:5.4.31:rc1:::::: cpe:2.3:a:php:php:5.4.30:-:::::: cpe:2.3:a:php:php:5.4.30:rc1:::::: cpe:2.3:a:php:php:5.4.3:::::::* cpe:2.3:a:php:php:5.4.29:-:::::: cpe:2.3:a:php:php:5.4.29:rc1:::::: cpe:2.3:a:php:php:5.4.28:-:::::: cpe:2.3:a:php:php:5.4.28:rc1:::::: cpe:2.3:a:php:php:5.4.27:-:::::: cpe:2.3:a:php:php:5.4.27:rc1:::::: cpe:2.3:a:php:php:5.4.26:-:::::: cpe:2.3:a:php:php:5.4.26:rc1:::::: cpe:2.3:a:php:php:5.4.25:-:::::: cpe:2.3:a:php:php:5.4.25:rc1:::::: cpe:2.3:a:php:php:5.4.24:-:::::: cpe:2.3:a:php:php:5.4.24:rc1:::::: cpe:2.3:a:php:php:5.4.23:-:::::: cpe:2.3:a:php:php:5.4.23:rc1:::::: cpe:2.3:a:php:php:5.4.22:-:::::: cpe:2.3:a:php:php:5.4.22:rc1:::::: cpe:2.3:a:php:php:5.4.21:-:::::: cpe:2.3:a:php:php:5.4.21:rc1:::::: cpe:2.3:a:php:php:5.4.20:-:::::: cpe:2.3:a:php:php:5.4.20:rc1:::::: cpe:2.3:a:php:php:5.4.2:::::::* cpe:2.3:a:php:php:5.4.19:::::::* cpe:2.3:a:php:php:5.4.18:-:::::: cpe:2.3:a:php:php:5.4.18:rc1:::::: cpe:2.3:a:php:php:5.4.18:rc2:::::: cpe:2.3:a:php:php:5.4.17:-:::::: cpe:2.3:a:php:php:5.4.17:rc1:::::: cpe:2.3:a:php:php:5.4.16:rc1:::::: cpe:2.3:a:php:php:5.4.16:-:::::: cpe:2.3:a:php:php:5.4.15:rc1:::::: cpe:2.3:a:php:php:5.4.15:-:::::: cpe:2.3:a:php:php:5.4.14:rc1:::::: cpe:2.3:a:php:php:5.4.14:-:::::: cpe:2.3:a:php:php:5.4.13:rc1:::::: cpe:2.3:a:php:php:5.4.13:-:::::: cpe:2.3:a:php:php:5.4.12:rc2:::::: cpe:2.3:a:php:php:5.4.12:rc1:::::: cpe:2.3:a:php:php:5.4.12:-:::::: cpe:2.3:a:php:php:5.4.11:-:::::: cpe:2.3:a:php:php:5.4.11:rc1:::::: cpe:2.3:a:php:php:5.4.10:-:::::: cpe:2.3:a:php:php:5.4.10:rc1:::::: cpe:2.3:a:php:php:5.4.1:::::::* cpe:2.3:a:php:php:5.4.1:rc1:::::: cpe:2.3:a:php:php:5.4.1:rc2:::::: cpe:2.3:a:php:php:5.4.0:beta2:::::: cpe:2.3:a:php:php:5.4.0:beta2:32-bit:::::* cpe:2.3:a:php:php:5.4.0:rc2:::::: cpe:2.3:a:php:php:5.4.0:-:::::: cpe:2.3:a:php:php:5.4.0:alpha1:::::: cpe:2.3:a:php:php:5.4.0:alpha2:::::: cpe:2.3:a:php:php:5.4.0:alpha3:::::: cpe:2.3:a:php:php:5.4.0:beta1:::::: cpe:2.3:a:php:php:5.4.0:rc1:::::: cpe:2.3:a:php:php:5.4.0:rc3:::::: cpe:2.3:a:php:php:5.4.0:rc4:::::: cpe:2.3:a:php:php:5.4.0:rc5:::::: cpe:2.3:a:php:php:5.4.0:rc6:::::: cpe:2.3:a:php:php:5.4.0:rc7:::::: cpe:2.3:a:php:php:5.4.0:rc8:::::: cpe:2.3:a:php:php:5.3.9:-:::::: cpe:2.3:a:php:php:5.3.9:rc1:::::: cpe:2.3:a:php:php:5.3.9:rc2:::::: cpe:2.3:a:php:php:5.3.9:rc3:::::: cpe:2.3:a:php:php:5.3.9:rc4:::::: cpe:2.3:a:php:php:5.3.8:::::::* cpe:2.3:a:php:php:5.3.7:-:::::: cpe:2.3:a:php:php:5.3.7:rc1:::::: cpe:2.3:a:php:php:5.3.7:rc2:::::: cpe:2.3:a:php:php:5.3.7:rc3:::::: cpe:2.3:a:php:php:5.3.7:rc4:::::: cpe:2.3:a:php:php:5.3.7:rc5:::::: cpe:2.3:a:php:php:5.3.6:::::::* cpe:2.3:a:php:php:5.3.6:rc1:::::: cpe:2.3:a:php:php:5.3.6:rc2:::::: cpe:2.3:a:php:php:5.3.6:rc3:::::: cpe:2.3:a:php:php:5.3.5:::::::* cpe:2.3:a:php:php:5.3.4:-:::::: cpe:2.3:a:php:php:5.3.4:rc1:::::: cpe:2.3:a:php:php:5.3.4:rc2:::::: cpe:2.3:a:php:php:5.3.3:-:::::: cpe:2.3:a:php:php:5.3.3:rc1:::::: cpe:2.3:a:php:php:5.3.3:rc2:::::: cpe:2.3:a:php:php:5.3.3:rc3:::::: cpe:2.3:a:php:php:5.3.29:-:::::: cpe:2.3:a:php:php:5.3.29:rc1:::::: cpe:2.3:a:php:php:5.3.28:::::::* cpe:2.3:a:php:php:5.3.27:-:::::: cpe:2.3:a:php:php:5.3.27:rc1:::::: cpe:2.3:a:php:php:5.3.26:-:::::: cpe:2.3:a:php:php:5.3.26:rc1:::::: cpe:2.3:a:php:php:5.3.25:-:::::: cpe:2.3:a:php:php:5.3.25:rc1:::::: cpe:2.3:a:php:php:5.3.24:-:::::: cpe:2.3:a:php:php:5.3.24:rc1:::::: cpe:2.3:a:php:php:5.3.23:-:::::: cpe:2.3:a:php:php:5.3.23:rc1:::::: cpe:2.3:a:php:php:5.3.22:-:::::: cpe:2.3:a:php:php:5.3.22:rc1:::::: cpe:2.3:a:php:php:5.3.22:rc2:::::: cpe:2.3:a:php:php:5.3.21:-:::::: cpe:2.3:a:php:php:5.3.21:rc1:::::: cpe:2.3:a:php:php:5.3.20:-:::::: cpe:2.3:a:php:php:5.3.20:rc1:::::: cpe:2.3:a:php:php:5.3.2:-:::::: cpe:2.3:a:php:php:5.3.2:rc1:::::: cpe:2.3:a:php:php:5.3.2:rc2:::::: cpe:2.3:a:php:php:5.3.2:rc3:::::: cpe:2.3:a:php:php:5.3.19:-:::::: cpe:2.3:a:php:php:5.3.19:rc1:::::: cpe:2.3:a:php:php:5.3.18:-:::::: cpe:2.3:a:php:php:5.3.18:rc1:::::: cpe:2.3:a:php:php:5.3.17:::::::* cpe:2.3:a:php:php:5.3.16:::::::* cpe:2.3:a:php:php:5.3.15:-:::::: cpe:2.3:a:php:php:5.3.15:rc1:::::: cpe:2.3:a:php:php:5.3.14:-:::::: cpe:2.3:a:php:php:5.3.14:rc1:::::: cpe:2.3:a:php:php:5.3.14:rc2:::::: cpe:2.3:a:php:php:5.3.13:::::::* cpe:2.3:a:php:php:5.3.12:::::::* cpe:2.3:a:php:php:5.3.11:-:::::: cpe:2.3:a:php:php:5.3.11:rc1:::::: cpe:2.3:a:php:php:5.3.11:rc2:::::: cpe:2.3:a:php:php:5.3.10:::::::* cpe:2.3:a:php:php:5.3.1:-:::::: cpe:2.3:a:php:php:5.3.1:rc1:::::: cpe:2.3:a:php:php:5.3.1:rc2:::::: cpe:2.3:a:php:php:5.3.1:rc3:::::: cpe:2.3:a:php:php:5.3.1:rc4:::::: cpe:2.3:a:php:php:5.3.0:-:::::: cpe:2.3:a:php:php:5.3.0:alpha1:::::: cpe:2.3:a:php:php:5.3.0:alpha2:::::: cpe:2.3:a:php:php:5.3.0:alpha3:::::: cpe:2.3:a:php:php:5.3.0:beta1:::::: cpe:2.3:a:php:php:5.3.0:rc1:::::: cpe:2.3:a:php:php:5.3.0:rc2:::::: cpe:2.3:a:php:php:5.3.0:rc3:::::: cpe:2.3:a:php:php:5.3.0:rc4:::::: cpe:2.3:a:php:php:5.2.9:-:::::: cpe:2.3:a:php:php:5.2.9:rc1:::::: cpe:2.3:a:php:php:5.2.9:rc2:::::: cpe:2.3:a:php:php:5.2.9:rc3:::::: cpe:2.3:a:php:php:5.2.8:::::::* cpe:2.3:a:php:php:5.2.7:-:::::: cpe:2.3:a:php:php:5.2.7:rc1:::::: cpe:2.3:a:php:php:5.2.7:rc2:::::: cpe:2.3:a:php:php:5.2.7:rc3:::::: cpe:2.3:a:php:php:5.2.7:rc4:::::: cpe:2.3:a:php:php:5.2.7:rc5:::::: cpe:2.3:a:php:php:5.2.6:-:::::: cpe:2.3:a:php:php:5.2.6:rc1:::::: cpe:2.3:a:php:php:5.2.6:rc2:::::: cpe:2.3:a:php:php:5.2.6:rc3:::::: cpe:2.3:a:php:php:5.2.6:rc4:::::: cpe:2.3:a:php:php:5.2.6:rc5:::::: cpe:2.3:a:php:php:5.2.5:-:::::: cpe:2.3:a:php:php:5.2.5:rc1:::::: cpe:2.3:a:php:php:5.2.5:rc2:::::: cpe:2.3:a:php:php:5.2.4::windows::::: cpe:2.3:a:php:php:5.2.4:-:::::: cpe:2.3:a:php:php:5.2.4:rc1:::::: cpe:2.3:a:php:php:5.2.4:rc2:::::: cpe:2.3:a:php:php:5.2.4:rc3:::::: cpe:2.3:a:php:php:5.2.3:-:::::: cpe:2.3:a:php:php:5.2.3:rc1:::::: cpe:2.3:a:php:php:5.2.2:-:::::: cpe:2.3:a:php:php:5.2.2:rc1:::::: cpe:2.3:a:php:php:5.2.2:rc2:::::: cpe:2.3:a:php:php:5.2.17:::::::* cpe:2.3:a:php:php:5.2.16:::::::* cpe:2.3:a:php:php:5.2.15:-:::::: cpe:2.3:a:php:php:5.2.15:rc1:::::: cpe:2.3:a:php:php:5.2.15:rc2:::::: cpe:2.3:a:php:php:5.2.14:-:::::: cpe:2.3:a:php:php:5.2.14:rc1:::::: cpe:2.3:a:php:php:5.2.14:rc2:::::: cpe:2.3:a:php:php:5.2.14:rc3:::::: cpe:2.3:a:php:php:5.2.13:-:::::: cpe:2.3:a:php:php:5.2.13:rc1:::::: cpe:2.3:a:php:php:5.2.13:rc2:::::: cpe:2.3:a:php:php:5.2.12:-:::::: cpe:2.3:a:php:php:5.2.12:rc1:::::: cpe:2.3:a:php:php:5.2.12:rc2:::::: cpe:2.3:a:php:php:5.2.12:rc3:::::: cpe:2.3:a:php:php:5.2.12:rc4:::::: cpe:2.3:a:php:php:5.2.11:-:::::: cpe:2.3:a:php:php:5.2.11:rc1:::::: cpe:2.3:a:php:php:5.2.11:rc2:::::: cpe:2.3:a:php:php:5.2.11:rc3:::::: cpe:2.3:a:php:php:5.2.10:-:::::: cpe:2.3:a:php:php:5.2.10:rc1:::::: cpe:2.3:a:php:php:5.2.10:rc2:::::: cpe:2.3:a:php:php:5.2.1:-:::::: cpe:2.3:a:php:php:5.2.1:rc1:::::: cpe:2.3:a:php:php:5.2.1:rc2:::::: cpe:2.3:a:php:php:5.2.1:rc3:::::: cpe:2.3:a:php:php:5.2.1:rc4:::::: cpe:2.3:a:php:php:5.2.0:::::::* cpe:2.3:a:php:php:5.2.0:rc1:::::: cpe:2.3:a:php:php:5.2.0:rc2:::::: cpe:2.3:a:php:php:5.2.0:rc3:::::: cpe:2.3:a:php:php:5.2.0:rc4:::::: cpe:2.3:a:php:php:5.2.0:rc5:::::: cpe:2.3:a:php:php:5.2.0:rc6:::::: cpe:2.3:a:php:php:5.1.6:::::::* cpe:2.3:a:php:php:5.1.5:-:::::: cpe:2.3:a:php:php:5.1.5:rc1:::::: cpe:2.3:a:php:php:5.1.4:::::::* cpe:2.3:a:php:php:5.1.3:::::::* cpe:2.3:a:php:php:5.1.3:rc1:::::: cpe:2.3:a:php:php:5.1.3:rc2:::::: cpe:2.3:a:php:php:5.1.3:rc3:::::: cpe:2.3:a:php:php:5.1.2:-:::::: cpe:2.3:a:php:php:5.1.2:rc1:::::: cpe:2.3:a:php:php:5.1.2:rc2:::::: cpe:2.3:a:php:php:5.1.1:::::::* cpe:2.3:a:php:php:5.1.0:-:::::: cpe:2.3:a:php:php:5.1.0:beta1:::::: cpe:2.3:a:php:php:5.1.0:beta2:::::: cpe:2.3:a:php:php:5.1.0:beta3:::::: cpe:2.3:a:php:php:5.1.0:rc1:::::: cpe:2.3:a:php:php:5.1.0:rc2:::::: cpe:2.3:a:php:php:5.1.0:rc2-pre:::::: cpe:2.3:a:php:php:5.1.0:rc3:::::: cpe:2.3:a:php:php:5.1.0:rc4:::::: cpe:2.3:a:php:php:5.1.0:rc5:::::: cpe:2.3:a:php:php:5.1.0:rc6:::::: cpe:2.3:a:php:php:5.0.5:-:::::: cpe:2.3:a:php:php:5.0.5:rc1:::::: cpe:2.3:a:php:php:5.0.5:rc2:::::: cpe:2.3:a:php:php:5.0.4:-:::::: cpe:2.3:a:php:php:5.0.4:rc1:::::: cpe:2.3:a:php:php:5.0.4:rc2:::::: cpe:2.3:a:php:php:5.0.3:-:::::: cpe:2.3:a:php:php:5.0.3:rc1:::::: cpe:2.3:a:php:php:5.0.3:rc2:::::: cpe:2.3:a:php:php:5.0.2:-:::::: cpe:2.3:a:php:php:5.0.2:rc1:::::: cpe:2.3:a:php:php:5.0.1:-:::::: cpe:2.3:a:php:php:5.0.1:beta1:::::: cpe:2.3:a:php:php:5.0.1:rc1:::::: cpe:2.3:a:php:php:5.0.1:rc2:::::: cpe:2.3:a:php:php:5.0.0:beta3:::::: cpe:2.3:a:php:php:5.0.0:rc3:::::: cpe:2.3:a:php:php:5.0.0:beta1:::::: cpe:2.3:a:php:php:5.0.0:beta4:::::: cpe:2.3:a:php:php:5.0.0:rc1:::::: cpe:2.3:a:php:php:5.0.0:beta2:::::: cpe:2.3:a:php:php:5.0.0:rc2:::::: cpe:2.3:a:php:php:5.0.0:-:::::: cpe:2.3:a:php:php:5.0:rc1:::::: cpe:2.3:a:php:php:5.0:rc3:::::: cpe:2.3:a:php:php:5.0:rc2:::::: cpe:2.3:a:php:php:5:::::::* cpe:2.3:a:php:php:4.4.9:-:::::: cpe:2.3:a:php:php:4.4.9:rc1:::::: cpe:2.3:a:php:php:4.4.8:-:::::: cpe:2.3:a:php:php:4.4.8:rc1:::::: cpe:2.3:a:php:php:4.4.7:-:::::: cpe:2.3:a:php:php:4.4.7:rc1:::::: cpe:2.3:a:php:php:4.4.6:-:::::: cpe:2.3:a:php:php:4.4.6:rc1:::::: cpe:2.3:a:php:php:4.4.5:-:::::: cpe:2.3:a:php:php:4.4.5:rc1:::::: cpe:2.3:a:php:php:4.4.5:rc2:::::: cpe:2.3:a:php:php:4.4.4:-:::::: cpe:2.3:a:php:php:4.4.4:rc1:::::: cpe:2.3:a:php:php:4.4.3:-:::::: cpe:2.3:a:php:php:4.4.3:rc1:::::: cpe:2.3:a:php:php:4.4.3:rc2:::::: cpe:2.3:a:php:php:4.4.2:-:::::: cpe:2.3:a:php:php:4.4.2:rc1:::::: cpe:2.3:a:php:php:4.4.2:rc2:::::: cpe:2.3:a:php:php:4.4.1:-:::::: cpe:2.3:a:php:php:4.4.1:rc1:::::: cpe:2.3:a:php:php:4.4.0:-:::::: cpe:2.3:a:php:php:4.4.0:rc1:::::: cpe:2.3:a:php:php:4.4.0:rc2:::::: cpe:2.3:a:php:php:4.3.9:::::::* cpe:2.3:a:php:php:4.3.9:rc1:::::: cpe:2.3:a:php:php:4.3.9:rc2:::::: cpe:2.3:a:php:php:4.3.9:rc3:::::: cpe:2.3:a:php:php:4.3.8:::::::* cpe:2.3:a:php:php:4.3.7:-:::::: cpe:2.3:a:php:php:4.3.7:rc1:::::: cpe:2.3:a:php:php:4.3.6:-:::::: cpe:2.3:a:php:php:4.3.6:rc1:::::: cpe:2.3:a:php:php:4.3.6:rc2:::::: cpe:2.3:a:php:php:4.3.6:rc3:::::: cpe:2.3:a:php:php:4.3.5:-:::::: cpe:2.3:a:php:php:4.3.5:rc1:::::: cpe:2.3:a:php:php:4.3.5:rc2:::::: cpe:2.3:a:php:php:4.3.5:rc3:::::: cpe:2.3:a:php:php:4.3.5:rc4:::::: cpe:2.3:a:php:php:4.3.4:-:::::: cpe:2.3:a:php:php:4.3.4:rc1:::::: cpe:2.3:a:php:php:4.3.4:rc2:::::: cpe:2.3:a:php:php:4.3.4:rc3:::::: cpe:2.3:a:php:php:4.3.3:-:::::: cpe:2.3:a:php:php:4.3.3:rc1:::::: cpe:2.3:a:php:php:4.3.3:rc2:::::: cpe:2.3:a:php:php:4.3.3:rc3:::::: cpe:2.3:a:php:php:4.3.3:rc4:::::: cpe:2.3:a:php:php:4.3.2:-:::::: cpe:2.3:a:php:php:4.3.2:rc1:::::: cpe:2.3:a:php:php:4.3.2:rc2:::::: cpe:2.3:a:php:php:4.3.2:rc3:::::: cpe:2.3:a:php:php:4.3.2:rc4:::::: cpe:2.3:a:php:php:4.3.11:-:::::: cpe:2.3:a:php:php:4.3.11:rc1:::::: cpe:2.3:a:php:php:4.3.11:rc2:::::: cpe:2.3:a:php:php:4.3.10:-:::::: cpe:2.3:a:php:php:4.3.10:rc1:::::: cpe:2.3:a:php:php:4.3.10:rc2:::::: cpe:2.3:a:php:php:4.3.1:::::::* cpe:2.3:a:php:php:4.3.0:-:::::: cpe:2.3:a:php:php:4.3.0:alpha1:::::: cpe:2.3:a:php:php:4.3.0:alpha2:::::: cpe:2.3:a:php:php:4.3.0:alpha3:::::: cpe:2.3:a:php:php:4.3.0:dev:::::: cpe:2.3:a:php:php:4.3.0:pre1:::::: cpe:2.3:a:php:php:4.3.0:pre2:::::: cpe:2.3:a:php:php:4.3.0:rc1:::::: cpe:2.3:a:php:php:4.3.0:rc2:::::: cpe:2.3:a:php:php:4.3.0:rc3:::::: cpe:2.3:a:php:php:4.3.0:rc4:::::: cpe:2.3:a:php:php:4.2.3:-:::::: cpe:2.3:a:php:php:4.2.3:rc1:::::: cpe:2.3:a:php:php:4.2.3:rc2:::::: cpe:2.3:a:php:php:4.2.2:::::::* cpe:2.3:a:php:php:4.2.1:-:::::: cpe:2.3:a:php:php:4.2.1:rc1:::::: cpe:2.3:a:php:php:4.2.1:rc2:::::: cpe:2.3:a:php:php:4.2.0:-:::::: cpe:2.3:a:php:php:4.2.0:rc1:::::: cpe:2.3:a:php:php:4.2.0:rc2:::::: cpe:2.3:a:php:php:4.2.0:rc3:::::: cpe:2.3:a:php:php:4.2.0:rc4:::::: cpe:2.3:a:php:php:4.2::dev::::: cpe:2.3:a:php:php:4.1.2:::::::* cpe:2.3:a:php:php:4.1.1:::::::* cpe:2.3:a:php:php:4.1.0:-:::::: cpe:2.3:a:php:php:4.1.0:rc1:::::: cpe:2.3:a:php:php:4.1.0:rc2:::::: cpe:2.3:a:php:php:4.1.0:rc3:::::: cpe:2.3:a:php:php:4.1.0:rc4:::::: cpe:2.3:a:php:php:4.1.0:rc5:::::: cpe:2.3:a:php:php:4.0.7:rc3:::::: cpe:2.3:a:php:php:4.0.7:rc2:::::: cpe:2.3:a:php:php:4.0.7:rc4:::::: cpe:2.3:a:php:php:4.0.7:rc1:::::: cpe:2.3:a:php:php:4.0.7:-:::::: cpe:2.3:a:php:php:4.0.6:-:::::: cpe:2.3:a:php:php:4.0.6:rc1:::::: cpe:2.3:a:php:php:4.0.6:rc2:::::: cpe:2.3:a:php:php:4.0.6:rc3:::::: cpe:2.3:a:php:php:4.0.6:rc4:::::: cpe:2.3:a:php:php:4.0.5:-:::::: cpe:2.3:a:php:php:4.0.5:rc1:::::: cpe:2.3:a:php:php:4.0.5:rc2:::::: cpe:2.3:a:php:php:4.0.5:rc3:::::: cpe:2.3:a:php:php:4.0.5:rc4:::::: cpe:2.3:a:php:php:4.0.5:rc5:::::: cpe:2.3:a:php:php:4.0.5:rc6:::::: cpe:2.3:a:php:php:4.0.5:rc7:::::: cpe:2.3:a:php:php:4.0.5:rc8:::::: cpe:2.3:a:php:php:4.0.4pl1:::::::* cpe:2.3:a:php:php:4.0.4:patch1:::::: cpe:2.3:a:php:php:4.0.4:-:::::: cpe:2.3:a:php:php:4.0.4:rc1:::::: cpe:2.3:a:php:php:4.0.4:rc2:::::: cpe:2.3:a:php:php:4.0.4:rc3:::::: cpe:2.3:a:php:php:4.0.4:rc4:::::: cpe:2.3:a:php:php:4.0.4:rc5:::::: cpe:2.3:a:php:php:4.0.4:rc6:::::: cpe:2.3:a:php:php:4.0.3:::::::* cpe:2.3:a:php:php:4.0.3:patch1:::::: cpe:2.3:a:php:php:4.0.3:rc1:::::: cpe:2.3:a:php:php:4.0.3:rc2:::::: cpe:2.3:a:php:php:4.0.2:::::::* cpe:2.3:a:php:php:4.0.2:rc1:::::: cpe:2.3:a:php:php:4.0.1:patch2:::::: cpe:2.3:a:php:php:4.0.1:patch1:::::: cpe:2.3:a:php:php:4.0.1:-:::::: cpe:2.3:a:php:php:4.0.1:rc:::::: cpe:2.3:a:php:php:4.0.1:rc2:::::: cpe:2.3:a:php:php:4.0.0:::::::* cpe:2.3:a:php:php:4.0:beta1:::::: cpe:2.3:a:php:php:4.0:beta2:::::: cpe:2.3:a:php:php:4.0:beta3:::::: cpe:2.3:a:php:php:4.0:beta4:::::: cpe:2.3:a:php:php:4.0:beta_4_patch1:::::: cpe:2.3:a:php:php:4.0:rc1:::::: cpe:2.3:a:php:php:4.0:rc2:::::: cpe:2.3:a:php:php:4.0:-:::::: cpe:2.3:a:php:php:4:::::::* cpe:2.3:a:php:php:3.0.9:::::::* cpe:2.3:a:php:php:3.0.8:::::::* cpe:2.3:a:php:php:3.0.7:::::::* cpe:2.3:a:php:php:3.0.6:::::::* cpe:2.3:a:php:php:3.0.5:::::::* cpe:2.3:a:php:php:3.0.4:::::::* cpe:2.3:a:php:php:3.0.3:::::::* cpe:2.3:a:php:php:3.0.2:::::::* cpe:2.3:a:php:php:3.0.18:::::::* cpe:2.3:a:php:php:3.0.17:::::::* cpe:2.3:a:php:php:3.0.16:::::::* cpe:2.3:a:php:php:3.0.15:::::::* cpe:2.3:a:php:php:3.0.14:::::::* cpe:2.3:a:php:php:3.0.13:::::::* cpe:2.3:a:php:php:3.0.12:::::::* cpe:2.3:a:php:php:3.0.11:::::::* cpe:2.3:a:php:php:3.0.10:::::::* cpe:2.3:a:php:php:3.0.1:::::::* cpe:2.3:a:php:php:3.0:::::::* cpe:2.3:a:php:php:2.0b10:::::::* cpe:2.3:a:php:php:2.0.2:::::::* cpe:2.3:a:php:php:2.0.1:::::::* cpe:2.3:a:php:php:2.0.0:-:::::: cpe:2.3:a:php:php:2.0.0:alpha1:::::: cpe:2.3:a:php:php:2.0.0:alpha2:::::: cpe:2.3:a:php:php:2.0.0:beta1:::::: cpe:2.3:a:php:php:2.0.0:rc1:::::: cpe:2.3:a:php:php:2.0:::::::* cpe:2.3:a:php:php:1.5:::::::* cpe:2.3:a:php:php:1.4:::::::* cpe:2.3:a:php:php:1.3.5:::::::* cpe:2.3:a:php:php:1.3.1:::::::* cpe:2.3:a:php:php:1.3:-:::::: cpe:2.3:a:php:php:1.3:beta2:::::: cpe:2.3:a:php:php:1.3:beta3:::::: cpe:2.3:a:php:php:1.3:beta6:::::: cpe:2.3:a:php:php:1.2.5:::::::* cpe:2.3:a:php:php:1.2.4:::::::* cpe:2.3:a:php:php:1.2.3:::::::* cpe:2.3:a:php:php:1.2.2:::::::* cpe:2.3:a:php:php:1.2.1:::::::* cpe:2.3:a:php:php:1.2.0:::::::* cpe:2.3:a:php:php:1.2:::::::* cpe:2.3:a:php:php:1.1.1:::::::* cpe:2.3:a:php:php:1.1.0:::::::* cpe:2.3:a:php:php:1.1:::::::* cpe:2.3:a:php:php:1.0.4:::::::* cpe:2.3:a:php:php:1.0.3:::::::* cpe:2.3:a:php:php:1.0.2:::::::* cpe:2.3:a:php:php:1.0.1:::::::* cpe:2.3:a:php:php:1.0.0:-:::::: cpe:2.3:a:php:php:1.0.0:rc1:::::: cpe:2.3:a:php:php:1.0:beta1:::::: cpe:2.3:a:php:php:1.0:beta2:::::: cpe:2.3:a:php:php:1.0:beta3:::::: cpe:2.3:a:php:php:1.0:rc1:::::: cpe:2.3:a:php:php:1.0:rc2:::::: cpe:2.3:a:php:php:0.91:::::::* cpe:2.3:a:php:php:0.90:::::::* cpe:2.3:a:php:php:0.9.4:::::::* cpe:2.3:a:php:php:0.9.3:::::::* cpe:2.3:a:php:php:0.9.2:::::::* cpe:2.3:a:php:php:0.9.1:::::::* cpe:2.3:a:php:php:0.9.0:::::::* cpe:2.3:a:php:php:0.9:::::::* cpe:2.3:a:php:php:0.7:::::::* cpe:2.3:a:php:php:0.6:::::::* cpe:2.3:a:php:php:0.5.3:::::::* cpe:2.3:a:php:php:0.5.2:::::::* cpe:2.3:a:php:php:0.5:::::::* cpe:2.3:a:php:php:0.4:::::::* cpe:2.3:a:php:php:0.3:::::::* cpe:2.3:a:php:php:0.2.4:::::::* cpe:2.3:a:php:php:0.2.3:::::::* cpe:2.3:a:php:php:0.2.2:::::::* cpe:2.3:a:php:php:0.2.1:::::::* cpe:2.3:a:php:php:0.2.0:::::::* cpe:2.3:a:php:php:0.2:::::::* cpe:2.3:a:php:php:0.11:::::::* cpe:2.3:a:php:php:0.10:::::::* cpe:2.3:a:php:php:0.1.1:::::::* cpe:2.3:a:php:php:0.1:::::::* cpe:2.3:a:php:php:::::::: cpe:2.3:a:php:php:-:::::::*	555
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:11.4:::::::*	1
Os	Oracle Linux cpe:2.3:o:oracle:linux:7:-::::::	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-07-03	IAVM : 2014-B-0086 - Multiple Vulnerabilities in PHP Severity : Category I - VMSKEY : V0052897

Snort® IPS/IDS

Date	Description
2017-12-13	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44749 - Revision : 2 - Type : SERVER-WEBAPP
2017-12-13	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44748 - Revision : 2 - Type : SERVER-WEBAPP
2017-12-13	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44747 - Revision : 2 - Type : SERVER-WEBAPP
2017-12-13	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44746 - Revision : 2 - Type : SERVER-WEBAPP
2017-12-13	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44745 - Revision : 2 - Type : SERVER-WEBAPP
2017-12-13	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 44744 - Revision : 2 - Type : SERVER-WEBAPP
2015-08-04	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 35011 - Revision : 2 - Type : SERVER-WEBAPP
2015-08-04	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 35010 - Revision : 2 - Type : SERVER-WEBAPP
2015-08-04	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 35009 - Revision : 3 - Type : SERVER-WEBAPP
2015-08-04	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 35008 - Revision : 3 - Type : SERVER-WEBAPP
2015-08-04	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 35007 - Revision : 3 - Type : SERVER-WEBAPP
2015-08-04	PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a... RuleID : 35006 - Revision : 3 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date	Description
2016-08-29	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2015-12-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151119_file_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2155.nasl - Type : ACT_GATHER_INFO
2015-09-24	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17313.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2015-04-10	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-67.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-27.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-18.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-145.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-11-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_file_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1606.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-393.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-382.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-372.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-367.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-09-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1326.nasl - Type : ACT_GATHER_INFO
2014-09-18	Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-09-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3021.nasl - Type : ACT_GATHER_INFO
2014-08-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO
2014-08-22	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3008.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_3_29.nasl - Type : ACT_GATHER_INFO
2014-08-19	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d2a892b9260511e49da000a0986f28c4.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140806_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-149.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1013.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1012.nasl - Type : ACT_GATHER_INFO
2014-08-01	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-471.nasl - Type : ACT_GATHER_INFO
2014-07-31	Name : The remote openSUSE host is missing a security update. File : suse_13_1_openSUSE-2014--140721.nasl - Type : ACT_GATHER_INFO
2014-07-31	Name : The remote openSUSE host is missing a security update. File : suse_12_3_openSUSE-2014--140721.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_apache2-mod_php53-140720.nasl - Type : ACT_GATHER_INFO
2014-07-25	Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_5_15.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-464.nasl - Type : ACT_GATHER_INFO
2014-07-16	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2278-1.nasl - Type : ACT_GATHER_INFO
2014-07-14	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-192-01.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2276-1.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-131.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-130.nasl - Type : ACT_GATHER_INFO
2014-07-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2974.nasl - Type : ACT_GATHER_INFO
2014-07-08	Name : The remote Fedora host is missing a security update. File : fedora_2014-7782.nasl - Type : ACT_GATHER_INFO
2014-07-06	Name : The remote Fedora host is missing a security update. File : fedora_2014-7992.nasl - Type : ACT_GATHER_INFO
2014-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2014-7765.nasl - Type : ACT_GATHER_INFO
2014-06-27	Name : The remote web server is running a version of PHP that is affected by multipl... File : php_5_4_30.nasl - Type : ACT_GATHER_INFO
2014-06-27	Name : The remote web server is running a version of PHP that is affected by multipl... File : php_5_5_14.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-07-11 13:25:14	Multiple Updates
2014-07-10 17:28:53	Multiple Updates
2014-07-09 21:28:25	Multiple Updates
2014-07-09 21:22:51	First insertion

Global Informations

Type	Count
CWE ID(s)	4
Oval ID(s)	10
CPE ID(s)	624
IAVM(s)	1
Snort® Rule(s)	12
Nessus® Exploit(s)	58

	Related
7.5	CVE-2014-3515
5	CVE-2014-3478
4.6	CVE-2014-4698
4.6	CVE-2014-4670
4.3	CVE-2014-3487
4.3	CVE-2014-3480
4.3	CVE-2014-3479
4.3	CVE-2014-0207
2.6	CVE-2014-4721
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 9 more Alert(s)

7.5 - USN-2276-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU