ID CVE-2012-2688
Summary Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
Vulnerable Configurations
  • PHP PHP_FI 1.0
    cpe:2.3:a:php:php:1.0
  • PHP PHP_FI 2.0
    cpe:2.3:a:php:php:2.0
  • PHP PHP_FI 2.0b10
    cpe:2.3:a:php:php:2.0b10
  • PHP PHP 3.0
    cpe:2.3:a:php:php:3.0
  • PHP PHP 3.0.1
    cpe:2.3:a:php:php:3.0.1
  • PHP PHP 3.0.2
    cpe:2.3:a:php:php:3.0.2
  • PHP PHP 3.0.3
    cpe:2.3:a:php:php:3.0.3
  • PHP PHP 3.0.4
    cpe:2.3:a:php:php:3.0.4
  • PHP PHP 3.0.5
    cpe:2.3:a:php:php:3.0.5
  • PHP PHP 3.0.6
    cpe:2.3:a:php:php:3.0.6
  • PHP PHP 3.0.7
    cpe:2.3:a:php:php:3.0.7
  • PHP PHP 3.0.8
    cpe:2.3:a:php:php:3.0.8
  • PHP PHP 3.0.9
    cpe:2.3:a:php:php:3.0.9
  • PHP PHP 3.0.10
    cpe:2.3:a:php:php:3.0.10
  • PHP PHP 3.0.11
    cpe:2.3:a:php:php:3.0.11
  • PHP PHP 3.0.12
    cpe:2.3:a:php:php:3.0.12
  • PHP PHP 3.0.13
    cpe:2.3:a:php:php:3.0.13
  • PHP PHP 3.0.14
    cpe:2.3:a:php:php:3.0.14
  • PHP PHP 3.0.15
    cpe:2.3:a:php:php:3.0.15
  • PHP PHP 3.0.16
    cpe:2.3:a:php:php:3.0.16
  • PHP PHP 3.0.17
    cpe:2.3:a:php:php:3.0.17
  • PHP PHP 3.0.18
    cpe:2.3:a:php:php:3.0.18
  • PHP PHP 4.0 Beta 1
    cpe:2.3:a:php:php:4.0:beta1
  • PHP PHP 4.0 Beta 2
    cpe:2.3:a:php:php:4.0:beta2
  • PHP PHP 4.0 Beta 3
    cpe:2.3:a:php:php:4.0:beta3
  • PHP PHP 4.0 Beta 4
    cpe:2.3:a:php:php:4.0:beta4
  • PHP PHP 4.0 Beta 4 Patch Level 1
    cpe:2.3:a:php:php:4.0:beta_4_patch1
  • PHP PHP 4.0.0
    cpe:2.3:a:php:php:4.0.0
  • PHP 4.0.1 -
    cpe:2.3:a:php:php:4.0.1
  • PHP PHP 4.0.2
    cpe:2.3:a:php:php:4.0.2
  • PHP PHP 4.0.3
    cpe:2.3:a:php:php:4.0.3
  • PHP 4.0.4 -
    cpe:2.3:a:php:php:4.0.4
  • PHP 4.0.5 -
    cpe:2.3:a:php:php:4.0.5
  • PHP 4.0.6 -
    cpe:2.3:a:php:php:4.0.6
  • PHP 4.0.7 -
    cpe:2.3:a:php:php:4.0.7
  • PHP 4.1.0 -
    cpe:2.3:a:php:php:4.1.0
  • PHP PHP 4.1.1
    cpe:2.3:a:php:php:4.1.1
  • PHP PHP 4.1.2
    cpe:2.3:a:php:php:4.1.2
  • PHP 4.2.0 -
    cpe:2.3:a:php:php:4.2.0
  • PHP 4.2.1 -
    cpe:2.3:a:php:php:4.2.1
  • PHP PHP 4.2.2
    cpe:2.3:a:php:php:4.2.2
  • PHP 4.2.3 -
    cpe:2.3:a:php:php:4.2.3
  • PHP 4.3.0 -
    cpe:2.3:a:php:php:4.3.0
  • PHP PHP 4.3.1
    cpe:2.3:a:php:php:4.3.1
  • PHP 4.3.2 -
    cpe:2.3:a:php:php:4.3.2
  • PHP 4.3.3 -
    cpe:2.3:a:php:php:4.3.3
  • PHP 4.3.4 -
    cpe:2.3:a:php:php:4.3.4
  • PHP 4.3.5 -
    cpe:2.3:a:php:php:4.3.5
  • PHP 4.3.6 -
    cpe:2.3:a:php:php:4.3.6
  • PHP 4.3.7 -
    cpe:2.3:a:php:php:4.3.7
  • PHP PHP 4.3.8
    cpe:2.3:a:php:php:4.3.8
  • PHP PHP 4.3.9
    cpe:2.3:a:php:php:4.3.9
  • PHP 4.3.10 -
    cpe:2.3:a:php:php:4.3.10
  • PHP 4.3.11 -
    cpe:2.3:a:php:php:4.3.11
  • PHP 4.4.0 -
    cpe:2.3:a:php:php:4.4.0
  • PHP 4.4.1 -
    cpe:2.3:a:php:php:4.4.1
  • PHP 4.4.2 -
    cpe:2.3:a:php:php:4.4.2
  • PHP 4.4.3 -
    cpe:2.3:a:php:php:4.4.3
  • PHP 4.4.4 -
    cpe:2.3:a:php:php:4.4.4
  • PHP 4.4.5 -
    cpe:2.3:a:php:php:4.4.5
  • PHP 4.4.6 -
    cpe:2.3:a:php:php:4.4.6
  • PHP 4.4.7 -
    cpe:2.3:a:php:php:4.4.7
  • PHP 4.4.8 -
    cpe:2.3:a:php:php:4.4.8
  • PHP 4.4.9 -
    cpe:2.3:a:php:php:4.4.9
  • PHP 5.0.0 -
    cpe:2.3:a:php:php:5.0.0
  • PHP PHP 5.0.0 Beta1
    cpe:2.3:a:php:php:5.0.0:beta1
  • PHP PHP 5.0.0 Beta2
    cpe:2.3:a:php:php:5.0.0:beta2
  • PHP PHP 5.0.0 Beta3
    cpe:2.3:a:php:php:5.0.0:beta3
  • PHP PHP 5.0.0 Beta4
    cpe:2.3:a:php:php:5.0.0:beta4
  • PHP PHP 5.0.0 RC1
    cpe:2.3:a:php:php:5.0.0:rc1
  • PHP PHP 5.0.0 RC2
    cpe:2.3:a:php:php:5.0.0:rc2
  • PHP PHP 5.0.0 RC3
    cpe:2.3:a:php:php:5.0.0:rc3
  • PHP 5.0.1 -
    cpe:2.3:a:php:php:5.0.1
  • PHP 5.0.2 -
    cpe:2.3:a:php:php:5.0.2
  • PHP 5.0.3 -
    cpe:2.3:a:php:php:5.0.3
  • PHP 5.0.4 -
    cpe:2.3:a:php:php:5.0.4
  • PHP 5.0.5 -
    cpe:2.3:a:php:php:5.0.5
  • PHP 5.1.0 -
    cpe:2.3:a:php:php:5.1.0
  • PHP PHP 5.1.1
    cpe:2.3:a:php:php:5.1.1
  • PHP 5.1.2 -
    cpe:2.3:a:php:php:5.1.2
  • PHP PHP 5.1.3
    cpe:2.3:a:php:php:5.1.3
  • PHP 5.1.4
    cpe:2.3:a:php:php:5.1.4
  • PHP 5.1.5 -
    cpe:2.3:a:php:php:5.1.5
  • PHP PHP 5.1.6
    cpe:2.3:a:php:php:5.1.6
  • PHP 5.2.0
    cpe:2.3:a:php:php:5.2.0
  • PHP 5.2.1 -
    cpe:2.3:a:php:php:5.2.1
  • PHP 5.2.2 -
    cpe:2.3:a:php:php:5.2.2
  • PHP 5.2.3 -
    cpe:2.3:a:php:php:5.2.3
  • PHP 5.2.4 -
    cpe:2.3:a:php:php:5.2.4
  • PHP 5.2.5 -
    cpe:2.3:a:php:php:5.2.5
  • PHP 5.2.6 -
    cpe:2.3:a:php:php:5.2.6
  • PHP 5.2.7 -
    cpe:2.3:a:php:php:5.2.7
  • PHP 5.2.8
    cpe:2.3:a:php:php:5.2.8
  • PHP 5.2.9 -
    cpe:2.3:a:php:php:5.2.9
  • PHP 5.2.10 -
    cpe:2.3:a:php:php:5.2.10
  • PHP 5.2.11 -
    cpe:2.3:a:php:php:5.2.11
  • PHP 5.2.12 -
    cpe:2.3:a:php:php:5.2.12
  • PHP 5.2.13 -
    cpe:2.3:a:php:php:5.2.13
  • PHP 5.2.14 -
    cpe:2.3:a:php:php:5.2.14
  • PHP 5.2.15 -
    cpe:2.3:a:php:php:5.2.15
  • PHP 5.2.16
    cpe:2.3:a:php:php:5.2.16
  • PHP 5.2.17
    cpe:2.3:a:php:php:5.2.17
  • PHP 5.3.0
    cpe:2.3:a:php:php:5.3.0
  • PHP 5.3.1 -
    cpe:2.3:a:php:php:5.3.1
  • PHP 5.3.2 -
    cpe:2.3:a:php:php:5.3.2
  • PHP 5.3.3 -
    cpe:2.3:a:php:php:5.3.3
  • PHP 5.3.4 -
    cpe:2.3:a:php:php:5.3.4
  • PHP 5.3.5
    cpe:2.3:a:php:php:5.3.5
  • PHP 5.3.6
    cpe:2.3:a:php:php:5.3.6
  • PHP 5.3.7 -
    cpe:2.3:a:php:php:5.3.7
  • PHP 5.3.8
    cpe:2.3:a:php:php:5.3.8
  • PHP 5.3.9 -
    cpe:2.3:a:php:php:5.3.9
  • PHP 5.3.10
    cpe:2.3:a:php:php:5.3.10
  • PHP 5.3.11 -
    cpe:2.3:a:php:php:5.3.11
  • PHP 5.3.12
    cpe:2.3:a:php:php:5.3.12
  • PHP 5.3.13
    cpe:2.3:a:php:php:5.3.13
  • PHP 5.3.14 -
    cpe:2.3:a:php:php:5.3.14
  • PHP 5.4.0 -
    cpe:2.3:a:php:php:5.4.0
  • PHP 5.4.1
    cpe:2.3:a:php:php:5.4.1
  • PHP 5.4.2
    cpe:2.3:a:php:php:5.4.2
  • PHP 5.4.3
    cpe:2.3:a:php:php:5.4.3
  • PHP 5.4.4 -
    cpe:2.3:a:php:php:5.4.4
CVSS
Base: 10.0 (as of 20-07-2012 - 09:49)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_7_5.NASL
    description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62214
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62214
    title Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2012-004.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62213
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62213
    title Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2527.NASL
    description Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2012-2688 A buffer overflow in the scandir() function could lead to denial of service or the execution of arbitrary code. - CVE-2012-3450 It was discovered that inconsistent parsing of PDO prepared statements could lead to denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61520
    published 2012-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61520
    title Debian DSA-2527-1 : php5 - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, create arbitrary files, conduct directory traversal attacks, bypass protection mechanisms, or perform further attacks with unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 62236
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62236
    title GLSA-201209-03 : PHP: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-502.NASL
    description Three security issues were fixed in php5 : CVE-2012-2688: php5: potential overflow in _php_stream_scandir CVE-2012-3365: open_basedir bypass via SQLite extension Also an out of band read sql denial of service was fixed (bnc#769785)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74709
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74709
    title openSUSE Security Update : php5 (openSUSE-SU-2012:0976-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2012-204-01.NASL
    description New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 60087
    published 2012-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60087
    title Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-204-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_PHP53-120802.NASL
    description Three security bugs have been fixed in PHP5. - php5: potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365) - An out of band read sql denial of service has been fixed (bnc#769785). (CVE-2012-3450)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64105
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64105
    title SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130221_PHP_ON_SL6_X.NASL
    description It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 64957
    published 2013-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64957
    title Scientific Linux Security Update : php on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1307.NASL
    description Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) These updated php53 packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All PHP users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70244
    published 2013-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70244
    title RHEL 5 : php53 (RHSA-2013:1307)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_PHP_20140401.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an 'overflow.' (CVE-2012-2688) - The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. (CVE-2012-3365) - ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. (CVE-2013-1635) - The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. (CVE-2013-1643) - Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. (CVE-2013-2110) - ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. (CVE-2013-4113) - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4248) - Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. (CVE-2013-4635) - The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. (CVE-2013-4636)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80736
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80736
    title Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_PHP5-120802.NASL
    description This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 64101
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64101
    title SuSE 11.1 Security Update : php5 (SAT Patch Number 6627)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_PHP5-8239.NASL
    description This update fixes two security issues of PHP5 : - Potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365)
    last seen 2018-09-01
    modified 2013-03-16
    plugin id 61658
    published 2012-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61658
    title SuSE 10 Security Update : php5 (ZYPP Patch Number 8239)
  • NASL family CGI abuses
    NASL id PHP_5_4_5.NASL
    description According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.5, and is, therefore, potentially affected by an unspecified overflow vulnerability in the function '_php_stream_scandir' in the file 'main/streams/streams.c'.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 60086
    published 2012-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60086
    title PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BDAB0ACDD4CD11E18A1C14DAE9EBCF89.NASL
    description The PHP Development Team reports : The release of PHP 5.4.15 and 5.4.5 fix a potential overflow in _php_stream_scandir
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 60102
    published 2012-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60102
    title FreeBSD : php -- potential overflow in _php_stream_scandir (bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0514.NASL
    description Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) These updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 65146
    published 2013-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65146
    title CentOS 6 : php (CESA-2013:0514)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-108.NASL
    description Multiple vulnerabilities have been discovered and corrected in php : Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow (CVE-2012-2688). The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors (CVE-2012-3365). pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value (CVE-2012-3450). The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages have been upgraded to the latest version as well.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61961
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61961
    title Mandriva Linux Security Advisory : php (MDVSA-2012:108)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_PHP53-120803.NASL
    description Three security bugs have been fixed in PHP5. - php5: potential overflow in _php_stream_scandir. (CVE-2012-2688) - open_basedir bypass via SQLite extension. (CVE-2012-3365) - An out of band read sql denial of service has been fixed (bnc#769785). (CVE-2012-3450)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64106
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64106
    title SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1569-1.NASL
    description It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. (CVE-2012-2688) It was discovered that PHP incorrectly parsed certain PDO prepared statements. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-3450). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62178
    published 2012-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62178
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1569-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_8_2.NASL
    description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.2. The newer version contains multiple security-related fixes for the following components : - BIND - Data Security - LoginWindow - Mobile Accounts - PHP
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62215
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62215
    title Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-116.NASL
    description Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an 'overflow.'
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69606
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69606
    title Amazon Linux AMI : php (ALAS-2012-116)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1307.NASL
    description From Red Hat Security Advisory 2013:1307 : Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) These updated php53 packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All PHP users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70284
    published 2013-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70284
    title Oracle Linux 5 : php53 (ELSA-2013-1307)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130930_PHP53_ON_SL5_X.NASL
    description It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 70389
    published 2013-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70389
    title Scientific Linux Security Update : php53 on SL5.x i386/x86_64
  • NASL family CGI abuses
    NASL id PHP_5_3_15.NASL
    description According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.15, and is, therefore, potentially affected by the following vulnerabilities : - An unspecified overflow vulnerability exists in the function '_php_stream_scandir' in the file 'main/streams/streams.c'. (CVE-2012-2688) - An unspecified error exists that can allow the 'open_basedir' constraint to be bypassed. (CVE-2012-3365)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 60085
    published 2012-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60085
    title PHP 5.3.x < 5.3.15 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1814.NASL
    description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71356
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71356
    title CentOS 5 : php (CESA-2013:1814)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1307.NASL
    description Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) A flaw was found in PHP's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. If an attacker was able to get a carefully crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate to conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) These updated php53 packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All PHP users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79149
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79149
    title CentOS 5 : php53 (CESA-2013:1307)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1814.NASL
    description From Red Hat Security Advisory 2013:1814 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71367
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71367
    title Oracle Linux 5 : php (ELSA-2013-1814)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1814.NASL
    description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71337
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71337
    title RHEL 5 : php (RHSA-2013:1814)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131211_PHP_ON_SL5_X.NASL
    description A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71373
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71373
    title Scientific Linux Security Update : php on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0514.NASL
    description Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) These updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 64762
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64762
    title RHEL 6 : php (RHSA-2013:0514)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0514.NASL
    description From Red Hat Security Advisory 2013:0514 : Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2012-2688) It was found that PHP did not correctly handle the magic_quotes_gpc configuration directive. This could result in magic_quotes_gpc input escaping not being applied in all cases, possibly making it easier for a remote attacker to perform SQL injection attacks. (CVE-2012-0831) These updated php packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of php are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 68751
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68751
    title Oracle Linux 6 : php (ELSA-2013-0514)
redhat via4
advisories
  • bugzilla
    id 874987
    title Missing provides in php-xml
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment php is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514005
        • comment php is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195006
      • AND
        • comment php-bcmath is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514045
        • comment php-bcmath is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195048
      • AND
        • comment php-cli is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514039
        • comment php-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195044
      • AND
        • comment php-common is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514023
        • comment php-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195010
      • AND
        • comment php-dba is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514013
        • comment php-dba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195054
      • AND
        • comment php-devel is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514049
        • comment php-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195032
      • AND
        • comment php-embedded is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514009
        • comment php-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195038
      • AND
        • comment php-enchant is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514015
        • comment php-enchant is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195026
      • AND
        • comment php-fpm is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514035
        • comment php-fpm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130514036
      • AND
        • comment php-gd is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514041
        • comment php-gd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195056
      • AND
        • comment php-imap is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514019
        • comment php-imap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195040
      • AND
        • comment php-intl is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514011
        • comment php-intl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195030
      • AND
        • comment php-ldap is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514037
        • comment php-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195046
      • AND
        • comment php-mbstring is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514047
        • comment php-mbstring is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195042
      • AND
        • comment php-mysql is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514025
        • comment php-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195008
      • AND
        • comment php-odbc is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514043
        • comment php-odbc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195020
      • AND
        • comment php-pdo is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514031
        • comment php-pdo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195018
      • AND
        • comment php-pgsql is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514055
        • comment php-pgsql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195014
      • AND
        • comment php-process is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514033
        • comment php-process is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195016
      • AND
        • comment php-pspell is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514029
        • comment php-pspell is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195028
      • AND
        • comment php-recode is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514027
        • comment php-recode is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195050
      • AND
        • comment php-snmp is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514017
        • comment php-snmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195036
      • AND
        • comment php-soap is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514021
        • comment php-soap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195024
      • AND
        • comment php-tidy is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514051
        • comment php-tidy is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195012
      • AND
        • comment php-xml is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514057
        • comment php-xml is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195022
      • AND
        • comment php-xmlrpc is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514053
        • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195052
      • AND
        • comment php-zts is earlier than 0:5.3.3-22.el6
          oval oval:com.redhat.rhsa:tst:20130514007
        • comment php-zts is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195034
    rhsa
    id RHSA-2013:0514
    released 2013-02-21
    severity Moderate
    title RHSA-2013:0514: php security, bug fix and enhancement update (Moderate)
  • rhsa
    id RHSA-2013:1307
rpms
  • php-0:5.3.3-22.el6
  • php-bcmath-0:5.3.3-22.el6
  • php-cli-0:5.3.3-22.el6
  • php-common-0:5.3.3-22.el6
  • php-dba-0:5.3.3-22.el6
  • php-devel-0:5.3.3-22.el6
  • php-embedded-0:5.3.3-22.el6
  • php-enchant-0:5.3.3-22.el6
  • php-fpm-0:5.3.3-22.el6
  • php-gd-0:5.3.3-22.el6
  • php-imap-0:5.3.3-22.el6
  • php-intl-0:5.3.3-22.el6
  • php-ldap-0:5.3.3-22.el6
  • php-mbstring-0:5.3.3-22.el6
  • php-mysql-0:5.3.3-22.el6
  • php-odbc-0:5.3.3-22.el6
  • php-pdo-0:5.3.3-22.el6
  • php-pgsql-0:5.3.3-22.el6
  • php-process-0:5.3.3-22.el6
  • php-pspell-0:5.3.3-22.el6
  • php-recode-0:5.3.3-22.el6
  • php-snmp-0:5.3.3-22.el6
  • php-soap-0:5.3.3-22.el6
  • php-tidy-0:5.3.3-22.el6
  • php-xml-0:5.3.3-22.el6
  • php-xmlrpc-0:5.3.3-22.el6
  • php-zts-0:5.3.3-22.el6
  • php53-0:5.3.3-21.el5
  • php53-bcmath-0:5.3.3-21.el5
  • php53-cli-0:5.3.3-21.el5
  • php53-common-0:5.3.3-21.el5
  • php53-dba-0:5.3.3-21.el5
  • php53-devel-0:5.3.3-21.el5
  • php53-gd-0:5.3.3-21.el5
  • php53-imap-0:5.3.3-21.el5
  • php53-intl-0:5.3.3-21.el5
  • php53-ldap-0:5.3.3-21.el5
  • php53-mbstring-0:5.3.3-21.el5
  • php53-mysql-0:5.3.3-21.el5
  • php53-odbc-0:5.3.3-21.el5
  • php53-pdo-0:5.3.3-21.el5
  • php53-pgsql-0:5.3.3-21.el5
  • php53-process-0:5.3.3-21.el5
  • php53-pspell-0:5.3.3-21.el5
  • php53-snmp-0:5.3.3-21.el5
  • php53-soap-0:5.3.3-21.el5
  • php53-xml-0:5.3.3-21.el5
  • php53-xmlrpc-0:5.3.3-21.el5
  • php-0:5.1.6-43.el5_10
  • php-bcmath-0:5.1.6-43.el5_10
  • php-cli-0:5.1.6-43.el5_10
  • php-common-0:5.1.6-43.el5_10
  • php-dba-0:5.1.6-43.el5_10
  • php-devel-0:5.1.6-43.el5_10
  • php-gd-0:5.1.6-43.el5_10
  • php-imap-0:5.1.6-43.el5_10
  • php-ldap-0:5.1.6-43.el5_10
  • php-mbstring-0:5.1.6-43.el5_10
  • php-mysql-0:5.1.6-43.el5_10
  • php-ncurses-0:5.1.6-43.el5_10
  • php-odbc-0:5.1.6-43.el5_10
  • php-pdo-0:5.1.6-43.el5_10
  • php-pgsql-0:5.1.6-43.el5_10
  • php-snmp-0:5.1.6-43.el5_10
  • php-soap-0:5.1.6-43.el5_10
  • php-xml-0:5.1.6-43.el5_10
  • php-xmlrpc-0:5.1.6-43.el5_10
refmap via4
apple APPLE-SA-2012-09-19-2
bid 54638
confirm
debian DSA-2527
mandriva MDVSA-2012:108
sectrack 1027287
secunia 55078
suse
  • SUSE-SU-2012:1033
  • SUSE-SU-2012:1034
  • openSUSE-SU-2012:0976
ubuntu USN-1569-1
xf php-phpstreamscandir-unspecified(77155)
Last major update 07-12-2016 - 22:02
Published 20-07-2012 - 06:40
Last modified 21-12-2017 - 21:29