ID CVE-2014-4721
Summary The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
References
Vulnerable Configurations
  • PHP 5.5.0
    cpe:2.3:a:php:php:5.5.0
  • PHP 5.5.0 alpha1
    cpe:2.3:a:php:php:5.5.0:alpha1
  • PHP 5.5.0 alpha2
    cpe:2.3:a:php:php:5.5.0:alpha2
  • PHP 5.5.0 alpha3
    cpe:2.3:a:php:php:5.5.0:alpha3
  • PHP 5.5.0 alpha4
    cpe:2.3:a:php:php:5.5.0:alpha4
  • PHP 5.5.0 alpha5
    cpe:2.3:a:php:php:5.5.0:alpha5
  • PHP 5.5.0 alpha6
    cpe:2.3:a:php:php:5.5.0:alpha6
  • PHP 5.5.0 beta1
    cpe:2.3:a:php:php:5.5.0:beta1
  • PHP 5.5.0 beta2
    cpe:2.3:a:php:php:5.5.0:beta2
  • PHP 5.5.0 beta3
    cpe:2.3:a:php:php:5.5.0:beta3
  • PHP 5.5.0 beta4
    cpe:2.3:a:php:php:5.5.0:beta4
  • PHP 5.5.0 release candidate 1
    cpe:2.3:a:php:php:5.5.0:rc1
  • PHP 5.5.0 release candidate 2
    cpe:2.3:a:php:php:5.5.0:rc2
  • PHP 5.5.1
    cpe:2.3:a:php:php:5.5.1
  • PHP 5.5.10
    cpe:2.3:a:php:php:5.5.10
  • PHP 5.5.11
    cpe:2.3:a:php:php:5.5.11
  • PHP 5.5.12
    cpe:2.3:a:php:php:5.5.12
  • PHP 5.5.13
    cpe:2.3:a:php:php:5.5.13
  • PHP 5.5.2
    cpe:2.3:a:php:php:5.5.2
  • PHP 5.5.3
    cpe:2.3:a:php:php:5.5.3
  • PHP 5.5.4
    cpe:2.3:a:php:php:5.5.4
  • PHP 5.5.5
    cpe:2.3:a:php:php:5.5.5
  • PHP 5.5.6
    cpe:2.3:a:php:php:5.5.6
  • PHP 5.5.7
    cpe:2.3:a:php:php:5.5.7
  • PHP 5.5.8
    cpe:2.3:a:php:php:5.5.8
  • PHP 5.5.9
    cpe:2.3:a:php:php:5.5.9
  • PHP 5.3.28
    cpe:2.3:a:php:php:5.3.28
  • PHP 5.3.9
    cpe:2.3:a:php:php:5.3.9
  • PHP 5.3.8
    cpe:2.3:a:php:php:5.3.8
  • PHP 5.3.7
    cpe:2.3:a:php:php:5.3.7
  • PHP 5.3.6
    cpe:2.3:a:php:php:5.3.6
  • PHP 5.3.5
    cpe:2.3:a:php:php:5.3.5
  • PHP 5.3.4
    cpe:2.3:a:php:php:5.3.4
  • PHP 5.3.3
    cpe:2.3:a:php:php:5.3.3
  • PHP 5.3.27
    cpe:2.3:a:php:php:5.3.27
  • PHP 5.3.26
    cpe:2.3:a:php:php:5.3.26
  • PHP 5.3.25
    cpe:2.3:a:php:php:5.3.25
  • PHP 5.3.24
    cpe:2.3:a:php:php:5.3.24
  • PHP 5.3.23
    cpe:2.3:a:php:php:5.3.23
  • PHP 5.3.22
    cpe:2.3:a:php:php:5.3.22
  • PHP 5.3.21
    cpe:2.3:a:php:php:5.3.21
  • PHP 5.3.20
    cpe:2.3:a:php:php:5.3.20
  • PHP 5.3.2
    cpe:2.3:a:php:php:5.3.2
  • PHP 5.3.19
    cpe:2.3:a:php:php:5.3.19
  • PHP 5.3.18
    cpe:2.3:a:php:php:5.3.18
  • PHP 5.3.17
    cpe:2.3:a:php:php:5.3.17
  • PHP 5.3.16
    cpe:2.3:a:php:php:5.3.16
  • PHP 5.3.15
    cpe:2.3:a:php:php:5.3.15
  • PHP 5.3.14
    cpe:2.3:a:php:php:5.3.14
  • PHP 5.3.13
    cpe:2.3:a:php:php:5.3.13
  • PHP 5.3.12
    cpe:2.3:a:php:php:5.3.12
  • PHP 5.3.11
    cpe:2.3:a:php:php:5.3.11
  • PHP 5.3.10
    cpe:2.3:a:php:php:5.3.10
  • PHP 5.3.1
    cpe:2.3:a:php:php:5.3.1
  • PHP 5.3.0
    cpe:2.3:a:php:php:5.3.0
  • PHP 5.4.29
    cpe:2.3:a:php:php:5.4.29
  • PHP 5.4.28
    cpe:2.3:a:php:php:5.4.28
  • PHP 5.4.27
    cpe:2.3:a:php:php:5.4.27
  • PHP 5.4.0
    cpe:2.3:a:php:php:5.4.0
  • PHP 5.4.1
    cpe:2.3:a:php:php:5.4.1
  • PHP 5.4.10
    cpe:2.3:a:php:php:5.4.10
  • PHP 5.4.11
    cpe:2.3:a:php:php:5.4.11
  • PHP 5.4.12
    cpe:2.3:a:php:php:5.4.12
  • PHP 5.4.12 release candidate 1
    cpe:2.3:a:php:php:5.4.12:rc1
  • PHP 5.4.12 release candidate 2
    cpe:2.3:a:php:php:5.4.12:rc2
  • PHP 5.4.13
    cpe:2.3:a:php:php:5.4.13
  • PHP 5.4.13 release candidate 1
    cpe:2.3:a:php:php:5.4.13:rc1
  • PHP 5.4.14
    cpe:2.3:a:php:php:5.4.14
  • PHP 5.4.14 release candidate 1
    cpe:2.3:a:php:php:5.4.14:rc1
  • PHP 5.4.15 release candidate 1
    cpe:2.3:a:php:php:5.4.15:rc1
  • PHP 5.4.16 release candidate 1
    cpe:2.3:a:php:php:5.4.16:rc1
  • PHP 5.4.17
    cpe:2.3:a:php:php:5.4.17
  • PHP 5.4.18
    cpe:2.3:a:php:php:5.4.18
  • PHP 5.4.19
    cpe:2.3:a:php:php:5.4.19
  • PHP 5.4.2
    cpe:2.3:a:php:php:5.4.2
  • PHP 5.4.20
    cpe:2.3:a:php:php:5.4.20
  • PHP 5.4.21
    cpe:2.3:a:php:php:5.4.21
  • PHP 5.4.22
    cpe:2.3:a:php:php:5.4.22
  • PHP 5.4.23
    cpe:2.3:a:php:php:5.4.23
  • PHP 5.4.24
    cpe:2.3:a:php:php:5.4.24
  • PHP 5.4.25
    cpe:2.3:a:php:php:5.4.25
  • PHP 5.4.26
    cpe:2.3:a:php:php:5.4.26
  • PHP 5.4.3
    cpe:2.3:a:php:php:5.4.3
  • PHP 5.4.4
    cpe:2.3:a:php:php:5.4.4
  • PHP 5.4.5
    cpe:2.3:a:php:php:5.4.5
  • PHP 5.4.6
    cpe:2.3:a:php:php:5.4.6
  • PHP 5.4.7
    cpe:2.3:a:php:php:5.4.7
  • PHP 5.4.8
    cpe:2.3:a:php:php:5.4.8
  • PHP 5.4.9
    cpe:2.3:a:php:php:5.4.9
CVSS
Base: 2.6 (as of 07-07-2014 - 11:05)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-471.NASL
    description php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
    last seen 2019-02-21
    modified 2014-08-01
    plugin id 76957
    published 2014-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76957
    title openSUSE Security Update : php5 (openSUSE-2014-471)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-080.NASL
    description Multiple vulnerabilities have been discovered and corrected in php : It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943). A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345). PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). A flaw was found in the way file's Composite Document Files (CDF) format parser handled CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially crafted CDF file (CVE-2014-0237). A flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238). The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515).
It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049). A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721). Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698). Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670). file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538). 
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587). Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597). An integer overflow flaw in PHP's unserialize() function was reported. If unserialize() were used on untrusted data, this issue could lead to a crash or potentially information disclosure (CVE-2014-3669). A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code (CVE-2014-3670). If client-supplied input was passed to PHP's cURL client as a URL to download, it could return local files from the server due to improper handling of null bytes (PHP#68089). An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to a crash of the file executable (CVE-2014-3710). A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause the PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142).
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP before 5.5.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2014-9425). sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427). Use after free vulnerability in unserialize() in PHP before 5.5.21 (CVE-2015-0231). Free called on an uninitialized pointer in php-exif in PHP before 5.5.21 (CVE-2015-0232). The readelf.c source file has been removed from PHP's bundled copy of file's libmagic, eliminating exposure to denial of service issues in ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's fileinfo module. S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9705). Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-0273). It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-2301). 
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231). The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (CVE-2015-0232). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331). It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1351). It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1352). PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to the libmagic issues. The updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. The libzip packages have been patched to address the CVE-2015-2331 flaw.
A bug in the php zip extension that could cause a crash has been fixed (mga#13820). Additionally, the jsonc and timezonedb packages have been upgraded to the latest versions and the PECL packages which require so have been rebuilt for php-5.5.23.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 82333
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82333
    title Mandriva Linux Security Advisory : php (MDVSA-2015:080)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_13_1_OPENSUSE-2014--140721.NASL
    description php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
    last seen 2017-10-29
    modified 2014-08-08
    plugin id 76932
    published 2014-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76932
    title openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL17313.NASL
    description The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 86109
    published 2015-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86109
    title F5 Networks BIG-IP : PHP vulnerability (SOL17313)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1012.NASL
    description Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. 
An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues were discovered by Francisco Alonso of Red Hat Product Security. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77015
    published 2014-08-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77015
    title RHEL 5 / 6 : php53 and php (RHSA-2014:1012)
  • NASL family CGI abuses
    NASL id PHP_5_4_30.NASL
    description According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.30. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions 'cdf_read_short_sector', 'cdf_check_stream_offset', 'cdf_count_chain', and 'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) - A pascal string size handling error exists related to the Fileinfo extension and the function 'mconvert'. (CVE-2014-3478) - A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515) - An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981) - A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049) - A type-confusion error exists related to the function 'php_print_info' that could allow disclosure of sensitive information. (CVE-2014-4721) - An out-of-bounds read error exists in the timelib_meridian_with_check() function due to a failure to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents. - An out-of-bounds read error exists in the date_parse_from_format() function due to a failure in the date parsing routines to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents. - An error exists related to unserialization and 'SplFileObject' handling that could allow denial of service attacks. (Bug #67072) - A double free error exists related to the Intl extension and the method 'Locale::parseLocale' having unspecified impact. 
(Bug #67349) - A buffer overflow error exists related to the Intl extension and the functions 'locale_get_display_name' and 'uloc_getDisplayName' having unspecified impact. (Bug #67397) Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 76281
    published 2014-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76281
    title PHP 5.4.x < 5.4.30 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1012.NASL
    description From Red Hat Security Advisory 2014:1012 : Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. 
An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues were discovered by Francisco Alonso of Red Hat Product Security. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 77043
    published 2014-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77043
    title Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1012.NASL
    description Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. 
An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues were discovered by Francisco Alonso of Red Hat Product Security. All php53 and php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77032
    published 2014-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77032
    title CentOS 5 / 6 : php / php53 (CESA-2014:1012)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_12_3_OPENSUSE-2014--140721.NASL
    description php5 was updated to fix security issues : CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
    last seen 2017-10-29
    modified 2014-08-08
    plugin id 76929
    published 2014-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76929
    title openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_PHP53-140720.NASL
    description PHP 5.3 has been updated to fix several security problems : - The SPL component in PHP incorrectly anticipated that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage. (CVE-2014-3515) - The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. (CVE-2014-0207) - Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. (CVE-2014-3478) - The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP relied on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. (CVE-2014-3479) - The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file. (CVE-2014-3480) - The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file. 
(CVE-2014-3487) - Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. (CVE-2014-4670) - Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. (CVE-2014-4698) - The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. (CVE-2014-4721)
    last seen 2019-02-21
    modified 2014-08-31
    plugin id 76909
    published 2014-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76909
    title SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1013.NASL
    description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2013-7345) Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. 
A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77016
    published 2014-08-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77016
    title RHEL 7 : php (RHSA-2014:1013)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1013.NASL
    description Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2013-7345) Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. 
A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77033
    published 2014-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77033
    title CentOS 7 : php (CESA-2014:1013)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-130.NASL
    description Updated php packages fix security vulnerabilities : The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515). It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049). A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487). PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to version 5.5.14, which fixes this issue and several other bugs. The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721). Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages have been upgraded to the 2014.5 version.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 76438
    published 2014-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76438
    title Mandriva Linux Security Advisory : php (MDVSA-2014:130)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2276-1.NASL
    description Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) Stefan Esser discovered that PHP incorrectly handled unserializing SPL extension objects. An attacker could use this issue to execute arbitrary code. (CVE-2014-3515) It was discovered that PHP incorrectly handled certain SPL Iterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4670) It was discovered that PHP incorrectly handled certain ArrayIterators. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-4698) Stefan Esser discovered that PHP incorrectly handled variable types when calling phpinfo(). An attacker could use this issue to possibly gain access to arbitrary memory, possibly containing sensitive information. (CVE-2014-4721). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 76451
    published 2014-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76451
    title Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2276-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1638-1.NASL
    description This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366). - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375). - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373). - CVE-2016-4540: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829). - CVE-2016-4541: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829).
- CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828).
- CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length uncompressed data, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991). - CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994). - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call (bsc#977003). - CVE-2015-8867: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP incorrectly relied on the deprecated RAND_pseudo_bytes function, which made it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors (bsc#977005). - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP allowed remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function (bsc#976997). - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not isolate each thread from libxml_disable_entity_loader changes in other threads, which allowed remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161 (bsc#976996). - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to mean that SSL is optional, which allowed man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152 (bsc#973792). 
- CVE-2015-8835: The make_http_soap_request function in ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c (bsc#973351). - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX extension in PHP allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element (bsc#969821). - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location (bsc#971912). - CVE-2014-9767: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP and ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary empty directories via a crafted ZIP archive (bsc#971612). - CVE-2016-3185: The make_http_soap_request function in ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611). - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive (bsc#968284).
- CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that did not exist (bsc#949961). - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP allowed remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization (bsc#942291). - CVE-2015-6833: Directory traversal vulnerability in the PharData class in PHP allowed remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call (bsc#942296). - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP did not properly manage headers, which allowed remote attackers to execute arbitrary code via crafted serialized data that triggers a 'type confusion' in the serialize_function_call function (bsc#945428). - CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838 (bsc#945412). - CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837 (bsc#945412).
- CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension (bsc#938719). - CVE-2015-5589: The phar_convert_to_other function in ext/phar/phar_object.c in PHP did not validate a file pointer before a close operation, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call (bsc#938721). - CVE-2015-4602: The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935224). - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in PHP allowed remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935226). - CVE-2015-4600: The SoapClient implementation in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods (bsc#935226).
- CVE-2015-4601: PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226). - CVE-2015-4603: The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP allowed remote attackers to execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935234). - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP did not validate token extraction for table names, which might have allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352 (bsc#935274). - CVE-2015-4643: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022 (bsc#935275). - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files (bsc#935227).
- CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension (bsc#935229). - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files (bsc#935232). - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did not verify that the uri property is a string, which allowed remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a 'type confusion' issue (bsc#933227). - CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP allowed remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome (bsc#931421). - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname upon encountering a \x00 character, which might have allowed remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 (bsc#931776). - CVE-2015-4022: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (bsc#931772).
- CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP did not verify that the first character of a filename is different from the \0 character, which allowed remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive (bsc#931769). - CVE-2015-3329: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP allowed remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive (bsc#928506). - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511). - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231 (bsc#924972). - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function (bsc#923945). - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file (bsc#922452). 
- CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) on 32-bit platforms might have allowed context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow (bsc#921950). - CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP allowed remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries (bsc#922451). - CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function (bsc#918768). - CVE-2014-9652: The mconvert function in softmagic.c in file as used in the Fileinfo component in PHP did not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might have allowed remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file (bsc#917150). - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659). - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bsc#910659). - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659). - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bsc#914690). - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly, which allowed remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function (bsc#902357). - CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value (bsc#902360). - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP allowed remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation (bsc#902368). 
- CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions (bsc#893849). - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (bsc#893853). - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (bsc#886059). - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (bsc#886060). - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allowed context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php (bsc#885961). 
- CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file (bsc#884986). - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion (bsc#884987). - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as used in the Fileinfo component in PHP relies on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file (bsc#884989). - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884990). - CVE-2014-3487: The cdf_read_property_info function in file as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884991). - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage (bsc#884992). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93161
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93161
    title SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
  • NASL family CGI abuses
    NASL id PHP_5_5_14.NASL
    description According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities:
      - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions 'cdf_read_short_sector', 'cdf_check_stream_offset', 'cdf_count_chain', and 'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)
      - A pascal string size handling error exists related to the Fileinfo extension and the function 'mconvert'. (CVE-2014-3478)
      - A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515)
      - An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)
      - A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049)
      - A type-confusion error exists related to the function 'php_print_info' that could allow disclosure of sensitive information. (CVE-2014-4721)
      - An error exists related to unserialization and 'SplFileObject' handling that could allow denial of service attacks. (Bug #67072)
      - A double free error exists related to the Intl extension and the method 'Locale::parseLocale' having unspecified impact. (Bug #67349)
      - A buffer overflow error exists related to the Intl extension and the functions 'locale_get_display_name' and 'uloc_getDisplayName' having unspecified impact. (Bug #67397)
      Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 76282
    published 2014-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76282
    title PHP 5.5.x < 5.5.14 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140806_PHP53_AND_PHP_ON_SL5_X.NASL
    description Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571) Two denial of service flaws were found in the way the File Information (fileinfo) extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. (CVE-2014-1943, CVE-2014-2270) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. (CVE-2013-6712) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 77047
    published 2014-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77047
    title Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1013.NASL
    description From Red Hat Security Advisory 2014:1013 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2013-7345) Multiple denial of service flaws were found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487) A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-4049) A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-4721) A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. 
A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3515) The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso of Red Hat Product Security. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 77044
    published 2014-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77044
    title Oracle Linux 7 : php (ELSA-2014-1013)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-18.NASL
    description
      [CVE-2014-3515]: fix unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
      [CVE-2014-0207]: fileinfo: cdf_read_short_sector insufficient boundary check
      [CVE-2014-3480]: fileinfo: cdf_count_chain insufficient boundary check
      [CVE-2014-4721]: The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
      NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82165
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82165
    title Debian DLA-18-1 : php5 security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2974.NASL
    description Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_sector() function.
      - CVE-2014-3478 Francisco Alonso of the Red Hat Security Response Team discovered a flaw in the way the truncated pascal string size in the mconvert() function is computed.
      - CVE-2014-3479 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_check_stream_offset() function.
      - CVE-2014-3480 Francisco Alonso of the Red Hat Security Response Team reported an insufficient boundary check in the cdf_count_chain() function.
      - CVE-2014-3487 Francisco Alonso of the Red Hat Security Response Team discovered an incorrect boundary check in the cdf_read_property_info() function.
      - CVE-2014-3515 Stefan Esser discovered that the ArrayObject and the SPLObjectStorage unserialize() handler do not verify the type of unserialized data before using it. A remote attacker could use this flaw to execute arbitrary code.
      - CVE-2014-4721 Stefan Esser discovered a type confusion issue affecting phpinfo(), which might allow an attacker to obtain sensitive information from process memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76418
    published 2014-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76418
    title Debian DSA-2974-1 : php5 - security update
redhat via4
advisories
  • bugzilla
    id 1116662
    title CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment php53 is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012002
          • comment php53 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196003
        • AND
          • comment php53-bcmath is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012004
          • comment php53-bcmath is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196015
        • AND
          • comment php53-cli is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012038
          • comment php53-cli is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196025
        • AND
          • comment php53-common is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012018
          • comment php53-common is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196023
        • AND
          • comment php53-dba is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012030
          • comment php53-dba is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196019
        • AND
          • comment php53-devel is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012022
          • comment php53-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196033
        • AND
          • comment php53-gd is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012040
          • comment php53-gd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196021
        • AND
          • comment php53-imap is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012014
          • comment php53-imap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196005
        • AND
          • comment php53-intl is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012028
          • comment php53-intl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196043
        • AND
          • comment php53-ldap is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012034
          • comment php53-ldap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196031
        • AND
          • comment php53-mbstring is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012016
          • comment php53-mbstring is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196029
        • AND
          • comment php53-mysql is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012008
          • comment php53-mysql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196013
        • AND
          • comment php53-odbc is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012024
          • comment php53-odbc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196037
        • AND
          • comment php53-pdo is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012010
          • comment php53-pdo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196011
        • AND
          • comment php53-pgsql is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012042
          • comment php53-pgsql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196007
        • AND
          • comment php53-process is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012032
          • comment php53-process is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196027
        • AND
          • comment php53-pspell is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012006
          • comment php53-pspell is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196039
        • AND
          • comment php53-snmp is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012026
          • comment php53-snmp is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196009
        • AND
          • comment php53-soap is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012012
          • comment php53-soap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196041
        • AND
          • comment php53-xml is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012020
          • comment php53-xml is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196035
        • AND
          • comment php53-xmlrpc is earlier than 0:5.3.3-23.el5_10
            oval oval:com.redhat.rhsa:tst:20141012036
          • comment php53-xmlrpc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196017
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment php is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012048
          • comment php is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195006
        • AND
          • comment php-bcmath is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012060
          • comment php-bcmath is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195048
        • AND
          • comment php-cli is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012078
          • comment php-cli is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195044
        • AND
          • comment php-common is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012062
          • comment php-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195010
        • AND
          • comment php-dba is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012064
          • comment php-dba is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195054
        • AND
          • comment php-devel is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012066
          • comment php-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195032
        • AND
          • comment php-embedded is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012072
          • comment php-embedded is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195038
        • AND
          • comment php-enchant is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012100
          • comment php-enchant is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195026
        • AND
          • comment php-fpm is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012076
          • comment php-fpm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130514036
        • AND
          • comment php-gd is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012056
          • comment php-gd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195056
        • AND
          • comment php-imap is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012070
          • comment php-imap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195040
        • AND
          • comment php-intl is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012058
          • comment php-intl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195030
        • AND
          • comment php-ldap is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012090
          • comment php-ldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195046
        • AND
          • comment php-mbstring is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012094
          • comment php-mbstring is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195042
        • AND
          • comment php-mysql is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012092
          • comment php-mysql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195008
        • AND
          • comment php-odbc is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012068
          • comment php-odbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195020
        • AND
          • comment php-pdo is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012084
          • comment php-pdo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195018
        • AND
          • comment php-pgsql is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012082
          • comment php-pgsql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195014
        • AND
          • comment php-process is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012088
          • comment php-process is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195016
        • AND
          • comment php-pspell is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012054
          • comment php-pspell is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195028
        • AND
          • comment php-recode is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012096
          • comment php-recode is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195050
        • AND
          • comment php-snmp is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012074
          • comment php-snmp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195036
        • AND
          • comment php-soap is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012052
          • comment php-soap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195024
        • AND
          • comment php-tidy is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012098
          • comment php-tidy is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195012
        • AND
          • comment php-xml is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012080
          • comment php-xml is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195022
        • AND
          • comment php-xmlrpc is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012050
          • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195052
        • AND
          • comment php-zts is earlier than 0:5.3.3-27.el6_5.1
            oval oval:com.redhat.rhsa:tst:20141012086
          • comment php-zts is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195034
    rhsa
    id RHSA-2014:1012
    released 2014-08-06
    severity Moderate
    title RHSA-2014:1012: php53 and php security update (Moderate)
  • bugzilla
    id 1116662
    title CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment php is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013005
        • comment php is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195006
      • AND
        • comment php-bcmath is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013009
        • comment php-bcmath is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195048
      • AND
        • comment php-cli is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013039
        • comment php-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195044
      • AND
        • comment php-common is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013021
        • comment php-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195010
      • AND
        • comment php-dba is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013045
        • comment php-dba is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195054
      • AND
        • comment php-devel is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013043
        • comment php-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195032
      • AND
        • comment php-embedded is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013031
        • comment php-embedded is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195038
      • AND
        • comment php-enchant is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013051
        • comment php-enchant is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195026
      • AND
        • comment php-fpm is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013053
        • comment php-fpm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130514036
      • AND
        • comment php-gd is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013023
        • comment php-gd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195056
      • AND
        • comment php-intl is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013011
        • comment php-intl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195030
      • AND
        • comment php-ldap is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013015
        • comment php-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195046
      • AND
        • comment php-mbstring is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013047
        • comment php-mbstring is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195042
      • AND
        • comment php-mysql is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013049
        • comment php-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195008
      • AND
        • comment php-mysqlnd is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013027
        • comment php-mysqlnd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141013028
      • AND
        • comment php-odbc is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013025
        • comment php-odbc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195020
      • AND
        • comment php-pdo is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013007
        • comment php-pdo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195018
      • AND
        • comment php-pgsql is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013017
        • comment php-pgsql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195014
      • AND
        • comment php-process is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013029
        • comment php-process is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195016
      • AND
        • comment php-pspell is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013041
        • comment php-pspell is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195028
      • AND
        • comment php-recode is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013033
        • comment php-recode is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195050
      • AND
        • comment php-snmp is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013035
        • comment php-snmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195036
      • AND
        • comment php-soap is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013013
        • comment php-soap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195024
      • AND
        • comment php-xml is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013019
        • comment php-xml is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195022
      • AND
        • comment php-xmlrpc is earlier than 0:5.4.16-23.el7_0
          oval oval:com.redhat.rhsa:tst:20141013037
        • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110195052
    rhsa
    id RHSA-2014:1013
    released 2014-08-06
    severity Moderate
    title RHSA-2014:1013: php security update (Moderate)
  • rhsa
    id RHSA-2014:1765
  • rhsa
    id RHSA-2014:1766
rpms
  • php53-0:5.3.3-23.el5_10
  • php53-bcmath-0:5.3.3-23.el5_10
  • php53-cli-0:5.3.3-23.el5_10
  • php53-common-0:5.3.3-23.el5_10
  • php53-dba-0:5.3.3-23.el5_10
  • php53-devel-0:5.3.3-23.el5_10
  • php53-gd-0:5.3.3-23.el5_10
  • php53-imap-0:5.3.3-23.el5_10
  • php53-intl-0:5.3.3-23.el5_10
  • php53-ldap-0:5.3.3-23.el5_10
  • php53-mbstring-0:5.3.3-23.el5_10
  • php53-mysql-0:5.3.3-23.el5_10
  • php53-odbc-0:5.3.3-23.el5_10
  • php53-pdo-0:5.3.3-23.el5_10
  • php53-pgsql-0:5.3.3-23.el5_10
  • php53-process-0:5.3.3-23.el5_10
  • php53-pspell-0:5.3.3-23.el5_10
  • php53-snmp-0:5.3.3-23.el5_10
  • php53-soap-0:5.3.3-23.el5_10
  • php53-xml-0:5.3.3-23.el5_10
  • php53-xmlrpc-0:5.3.3-23.el5_10
  • php-0:5.3.3-27.el6_5.1
  • php-bcmath-0:5.3.3-27.el6_5.1
  • php-cli-0:5.3.3-27.el6_5.1
  • php-common-0:5.3.3-27.el6_5.1
  • php-dba-0:5.3.3-27.el6_5.1
  • php-devel-0:5.3.3-27.el6_5.1
  • php-embedded-0:5.3.3-27.el6_5.1
  • php-enchant-0:5.3.3-27.el6_5.1
  • php-fpm-0:5.3.3-27.el6_5.1
  • php-gd-0:5.3.3-27.el6_5.1
  • php-imap-0:5.3.3-27.el6_5.1
  • php-intl-0:5.3.3-27.el6_5.1
  • php-ldap-0:5.3.3-27.el6_5.1
  • php-mbstring-0:5.3.3-27.el6_5.1
  • php-mysql-0:5.3.3-27.el6_5.1
  • php-odbc-0:5.3.3-27.el6_5.1
  • php-pdo-0:5.3.3-27.el6_5.1
  • php-pgsql-0:5.3.3-27.el6_5.1
  • php-process-0:5.3.3-27.el6_5.1
  • php-pspell-0:5.3.3-27.el6_5.1
  • php-recode-0:5.3.3-27.el6_5.1
  • php-snmp-0:5.3.3-27.el6_5.1
  • php-soap-0:5.3.3-27.el6_5.1
  • php-tidy-0:5.3.3-27.el6_5.1
  • php-xml-0:5.3.3-27.el6_5.1
  • php-xmlrpc-0:5.3.3-27.el6_5.1
  • php-zts-0:5.3.3-27.el6_5.1
  • php-0:5.4.16-23.el7_0
  • php-bcmath-0:5.4.16-23.el7_0
  • php-cli-0:5.4.16-23.el7_0
  • php-common-0:5.4.16-23.el7_0
  • php-dba-0:5.4.16-23.el7_0
  • php-devel-0:5.4.16-23.el7_0
  • php-embedded-0:5.4.16-23.el7_0
  • php-enchant-0:5.4.16-23.el7_0
  • php-fpm-0:5.4.16-23.el7_0
  • php-gd-0:5.4.16-23.el7_0
  • php-intl-0:5.4.16-23.el7_0
  • php-ldap-0:5.4.16-23.el7_0
  • php-mbstring-0:5.4.16-23.el7_0
  • php-mysql-0:5.4.16-23.el7_0
  • php-mysqlnd-0:5.4.16-23.el7_0
  • php-odbc-0:5.4.16-23.el7_0
  • php-pdo-0:5.4.16-23.el7_0
  • php-pgsql-0:5.4.16-23.el7_0
  • php-process-0:5.4.16-23.el7_0
  • php-pspell-0:5.4.16-23.el7_0
  • php-recode-0:5.4.16-23.el7_0
  • php-snmp-0:5.4.16-23.el7_0
  • php-soap-0:5.4.16-23.el7_0
  • php-xml-0:5.4.16-23.el7_0
  • php-xmlrpc-0:5.4.16-23.el7_0
refmap via4
confirm
debian DSA-2974
misc
secunia
  • 54553
  • 59794
  • 59831
suse
  • openSUSE-SU-2014:0945
  • openSUSE-SU-2014:1236
Last major update 06-01-2017 - 22:00
Published 06-07-2014 - 19:55