oval:org.mitre.oval:def:7256

Definition Id: oval:org.mitre.oval:def:7256

Oval ID:	oval:org.mitre.oval:def:7256
Title:	HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
Description:	The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-4018	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02543 platforms HP-UX B.11.31 AND HP Release B.11.23 AND filesets tests hpuxws22APCH32.PHP version is less than B.2.2.8.10 AND hpuxws22APCH32.PHP2 version is less than B.2.2.8.10 AND hpuxws22APACHE.PHP version is less than B.2.2.8.10 AND hpuxws22APACHE.PHP2 version is less than B.2.2.8.10 OR Criteria meets HP Security Bulletin HPSBUX02543 platforms HP-UX B.11.31 AND HP Release B.11.11 AND HP Release B.11.23 AND filesets tests hpuxwsAPCH32.PHP version is less than B.2.0.59.16 AND hpuxwsAPCH32.PHP2 version is less than B.2.0.59.16 AND hpuxwsAPACHE.PHP version is less than B.2.0.59.16 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.16