Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-5658 (GCVE-0-2008-5658)
Vulnerability from cvelistv5
Published
2008-12-17 20:00
Modified
2024-08-07 11:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32625"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "1021303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021303"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
},
{
"name": "FEDORA-2009-3768",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"name": "50480",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50480"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-ziparchive-directory-traversal(47079)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "RHSA-2009:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"name": "MDVSA-2009:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"name": "35306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35306"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35650"
},
{
"name": "DSA-1789",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32625"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "1021303",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021303"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
},
{
"name": "FEDORA-2009-3768",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"name": "50480",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50480"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-ziparchive-directory-traversal(47079)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "RHSA-2009:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"name": "MDVSA-2009:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"name": "35306",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35306"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35650"
},
{
"name": "DSA-1789",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32625"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "1021303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021303"
},
{
"name": "SSRT090085",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-06.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
},
{
"name": "FEDORA-2009-3768",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0035",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"name": "50480",
"refsource": "OSVDB",
"url": "http://osvdb.org/50480"
},
{
"name": "SSRT090192",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-ziparchive-directory-traversal(47079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "RHSA-2009:0350",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35003"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.2.7",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"name": "MDVSA-2009:045",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"name": "HPSBUX02431",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"name": "35306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35306"
},
{
"name": "35650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35650"
},
{
"name": "DSA-1789",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5658",
"datePublished": "2008-12-17T20:00:00",
"dateReserved": "2008-12-17T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-5658\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-17T20:30:01.017\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la funci\u00f3n ZipArchive::extractTo de PHP 5.2.6 y anteriores, permite a atacantes dependientes del contexto escribir ficheros de su elecci\u00f3n a trav\u00e9s de un archivo ZIP con un fichero que contenga la secuencia .. (punto punto).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.6\",\"matchCriteriaId\":\"9FCD404F-54C5-4DFF-ABC3-F0745C5BC96F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7007E77F-60EF-44D8-9676-15B59DF1325F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E727CECE-E452-489A-A42F-5A069D6AF80E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"149A1FB8-593E-412B-8E1C-3E560301D500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC144FA-8F84-44C0-B263-B639FEAD20FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"295907B4-C3DE-4021-BE3B-A8826D4379E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B881352D-954E-4FC0-9E42-93D02A3F3089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17437AED-816A-4CCF-96DE-8C3D0CC8DB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74E7AE59-1CB0-4300-BBE0-109F909789EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9222821E-370F-4616-B787-CC22C2F4E7CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9809449F-9A76-4318-B233-B4C2950A6EA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA962D4-A4EC-4DC3-B8A9-D10941B92781\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8CDFEF9-C367-4800-8A2F-375C261FAE55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E43B88-1563-4EFD-9267-AE3E8C35D67A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11E5715F-A8BC-49EF-836B-BB78E1BC0790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA68843-158E-463E-B68A-1ACF041C4E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1874F637-77E2-4C4A-BF92-AEE96A60BFB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9592B32E-55CD-42D0-901E-8319823BC820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9BF34B5-F74C-4D56-9841-42452D60CB87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86767200-6C9C-4C3E-B111-0E5BE61E197B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00B416D-FF23-4C76-8751-26D305F0FA0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCB6CDDD-70D3-4004-BCE0-8C4723076103\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/50480\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35003\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35306\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35650\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2009-0035\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1789\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:045\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/12/04/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.php.net/ChangeLog-5.php#5.2.7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0350.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/501376/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32625\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021303\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sektioneins.de/advisories/SE-2008-06.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47079\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/50480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2009-0035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/12/04/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.php.net/ChangeLog-5.php#5.2.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0350.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/501376/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sektioneins.de/advisories/SE-2008-06.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html\",\"lastModified\":\"2009-04-15T00:00:00\"}]}}"
}
}
rhsa-2009_0350
Vulnerability from csaf_redhat
Published
2009-04-14 17:14
Modified
2024-12-15 18:13
Summary
Red Hat Security Advisory: php security update
Notes
Topic
Updated php packages that fix several security issues are now available for
Red Hat Application Stack v2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-5557)
A flaw was found in the handling of the "mbstring.func_overload"
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)
A directory traversal flaw was found in PHP's ZipArchive::extractTo
function. If PHP is used to extract a malicious ZIP archive, it could allow
an attacker to write arbitrary files anywhere the PHP process has write
permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)
A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)
A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)
A cross-site scripting flaw was found in a way PHP reported errors for
invalid cookies. If the PHP interpreter had "display_errors" enabled, a
remote attacker able to set a specially-crafted cookie on a victim's system
could possibly inject arbitrary HTML into an error message generated by
PHP. (CVE-2008-5814)
A flaw was found in PHP's json_decode function. A remote attacker could use
this flaw to create a specially-crafted string which could cause the PHP
interpreter to crash while being decoded in a PHP script. (CVE-2009-1271)
All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0350",
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
}
],
"title": "Red Hat Security Advisory: php security update",
"tracking": {
"current_release_date": "2024-12-15T18:13:03+00:00",
"generator": {
"date": "2024-12-15T18:13:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2009:0350",
"initial_release_date": "2009-04-14T17:14:00+00:00",
"revision_history": [
{
"date": "2009-04-14T17:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-14T13:14:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:13:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product": {
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Stack"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product_id": "php-imap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product_id": "php-gd-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product_id": "php-devel-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-0:5.2.6-4.el5s2.i386",
"product_id": "php-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product_id": "php-dba-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product_id": "php-soap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product_id": "php-common-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product_id": "php-cli-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product_id": "php-xml-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.src",
"product": {
"name": "php-0:5.2.6-4.el5s2.src",
"product_id": "php-0:5.2.6-4.el5s2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
},
"product_reference": "php-0:5.2.6-4.el5s2.src",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-3658",
"discovery_date": "2008-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459529"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: buffer overflow in the imageloadfont function in gd extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3658"
},
{
"category": "external",
"summary": "RHBZ#459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
}
],
"release_date": "2008-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: buffer overflow in the imageloadfont function in gd extension"
},
{
"cve": "CVE-2008-3660",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459572"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: FastCGI module DoS via multiple dots preceding the extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3660"
},
{
"category": "external",
"summary": "RHBZ#459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
}
],
"release_date": "2008-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: FastCGI module DoS via multiple dots preceding the extension"
},
{
"cve": "CVE-2008-5498",
"discovery_date": "2008-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478425"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: libgd imagerotate() array index error memory disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5498"
},
{
"category": "external",
"summary": "RHBZ#478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
}
],
"release_date": "2008-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: libgd imagerotate() array index error memory disclosure"
},
{
"cve": "CVE-2008-5557",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2008-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478848"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5557"
},
{
"category": "external",
"summary": "RHBZ#478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
},
{
"cve": "CVE-2008-5658",
"discovery_date": "2008-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "474824"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5658"
},
{
"category": "external",
"summary": "RHBZ#474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
}
],
"release_date": "2008-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability"
},
{
"cve": "CVE-2008-5814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2009-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "480167"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: XSS via PHP error messages",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5814"
},
{
"category": "external",
"summary": "RHBZ#480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: XSS via PHP error messages"
},
{
"cve": "CVE-2009-0754",
"discovery_date": "2009-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "479272"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PHP mbstring.func_overload web server denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0754"
},
{
"category": "external",
"summary": "RHBZ#479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
}
],
"release_date": "2004-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "PHP mbstring.func_overload web server denial of service"
},
{
"cve": "CVE-2009-1271",
"discovery_date": "2009-02-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "494530"
}
],
"notes": [
{
"category": "description",
"text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: crash on malformed input in json_decode()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1271"
},
{
"category": "external",
"summary": "RHBZ#494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: crash on malformed input in json_decode()"
}
]
}
RHSA-2009:0350
Vulnerability from csaf_redhat
Published
2009-04-14 17:14
Modified
2025-10-09 13:08
Summary
Red Hat Security Advisory: php security update
Notes
Topic
Updated php packages that fix several security issues are now available for
Red Hat Application Stack v2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-5557)
A flaw was found in the handling of the "mbstring.func_overload"
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)
A directory traversal flaw was found in PHP's ZipArchive::extractTo
function. If PHP is used to extract a malicious ZIP archive, it could allow
an attacker to write arbitrary files anywhere the PHP process has write
permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)
A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)
A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)
A cross-site scripting flaw was found in a way PHP reported errors for
invalid cookies. If the PHP interpreter had "display_errors" enabled, a
remote attacker able to set a specially-crafted cookie on a victim's system
could possibly inject arbitrary HTML into an error message generated by
PHP. (CVE-2008-5814)
A flaw was found in PHP's json_decode function. A remote attacker could use
this flaw to create a specially-crafted string which could cause the PHP
interpreter to crash while being decoded in a PHP script. (CVE-2009-1271)
All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0350",
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
}
],
"title": "Red Hat Security Advisory: php security update",
"tracking": {
"current_release_date": "2025-10-09T13:08:45+00:00",
"generator": {
"date": "2025-10-09T13:08:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2009:0350",
"initial_release_date": "2009-04-14T17:14:00+00:00",
"revision_history": [
{
"date": "2009-04-14T17:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-14T13:14:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T13:08:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product": {
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Stack"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product_id": "php-imap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product_id": "php-gd-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product_id": "php-devel-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-0:5.2.6-4.el5s2.i386",
"product_id": "php-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product_id": "php-dba-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product_id": "php-soap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product_id": "php-common-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product_id": "php-cli-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product_id": "php-xml-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.src",
"product": {
"name": "php-0:5.2.6-4.el5s2.src",
"product_id": "php-0:5.2.6-4.el5s2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
},
"product_reference": "php-0:5.2.6-4.el5s2.src",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-3658",
"discovery_date": "2008-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459529"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: buffer overflow in the imageloadfont function in gd extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3658"
},
{
"category": "external",
"summary": "RHBZ#459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
}
],
"release_date": "2008-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: buffer overflow in the imageloadfont function in gd extension"
},
{
"cve": "CVE-2008-3660",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459572"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: FastCGI module DoS via multiple dots preceding the extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3660"
},
{
"category": "external",
"summary": "RHBZ#459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
}
],
"release_date": "2008-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: FastCGI module DoS via multiple dots preceding the extension"
},
{
"cve": "CVE-2008-5498",
"discovery_date": "2008-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478425"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: libgd imagerotate() array index error memory disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5498"
},
{
"category": "external",
"summary": "RHBZ#478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
}
],
"release_date": "2008-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: libgd imagerotate() array index error memory disclosure"
},
{
"cve": "CVE-2008-5557",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2008-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478848"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5557"
},
{
"category": "external",
"summary": "RHBZ#478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
},
{
"cve": "CVE-2008-5658",
"discovery_date": "2008-12-04T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
}
],
"release_date": "2008-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability"
},
{
"cve": "CVE-2008-5814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2009-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "480167"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: XSS via PHP error messages",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5814"
},
{
"category": "external",
"summary": "RHBZ#480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: XSS via PHP error messages"
},
{
"cve": "CVE-2009-0754",
"discovery_date": "2009-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "479272"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PHP mbstring.func_overload web server denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0754"
},
{
"category": "external",
"summary": "RHBZ#479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
}
],
"release_date": "2004-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "PHP mbstring.func_overload web server denial of service"
},
{
"cve": "CVE-2009-1271",
"discovery_date": "2009-02-27T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: crash on malformed input in json_decode()"
}
]
}
rhsa-2009:0350
Vulnerability from csaf_redhat
Published
2009-04-14 17:14
Modified
2025-10-09 13:08
Summary
Red Hat Security Advisory: php security update
Notes
Topic
Updated php packages that fix several security issues are now available for
Red Hat Application Stack v2.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-5557)
A flaw was found in the handling of the "mbstring.func_overload"
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)
A directory traversal flaw was found in PHP's ZipArchive::extractTo
function. If PHP is used to extract a malicious ZIP archive, it could allow
an attacker to write arbitrary files anywhere the PHP process has write
permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)
A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)
A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)
A cross-site scripting flaw was found in a way PHP reported errors for
invalid cookies. If the PHP interpreter had "display_errors" enabled, a
remote attacker able to set a specially-crafted cookie on a victim's system
could possibly inject arbitrary HTML into an error message generated by
PHP. (CVE-2008-5814)
A flaw was found in PHP's json_decode function. A remote attacker could use
this flaw to create a specially-crafted string which could cause the PHP
interpreter to crash while being decoded in a PHP script. (CVE-2009-1271)
All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:0350",
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "474824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
},
{
"category": "external",
"summary": "478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "494530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
}
],
"title": "Red Hat Security Advisory: php security update",
"tracking": {
"current_release_date": "2025-10-09T13:08:45+00:00",
"generator": {
"date": "2025-10-09T13:08:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2009:0350",
"initial_release_date": "2009-04-14T17:14:00+00:00",
"revision_history": [
{
"date": "2009-04-14T17:14:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-04-14T13:14:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T13:08:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product": {
"name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_stack:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Stack"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-imap-0:5.2.6-4.el5s2.i386",
"product_id": "php-imap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-gd-0:5.2.6-4.el5s2.i386",
"product_id": "php-gd-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-devel-0:5.2.6-4.el5s2.i386",
"product_id": "php-devel-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-0:5.2.6-4.el5s2.i386",
"product_id": "php-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-dba-0:5.2.6-4.el5s2.i386",
"product_id": "php-dba-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-soap-0:5.2.6-4.el5s2.i386",
"product_id": "php-soap-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-common-0:5.2.6-4.el5s2.i386",
"product_id": "php-common-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-cli-0:5.2.6-4.el5s2.i386",
"product_id": "php-cli-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-xml-0:5.2.6-4.el5s2.i386",
"product_id": "php-xml-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "php-0:5.2.6-4.el5s2.src",
"product": {
"name": "php-0:5.2.6-4.el5s2.src",
"product_id": "php-0:5.2.6-4.el5s2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
},
"product_reference": "php-0:5.2.6-4.el5s2.src",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
"relates_to_product_reference": "5Server-Stacks"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
"product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
},
"product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
"relates_to_product_reference": "5Server-Stacks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-3658",
"discovery_date": "2008-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459529"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: buffer overflow in the imageloadfont function in gd extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3658"
},
{
"category": "external",
"summary": "RHBZ#459529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
}
],
"release_date": "2008-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: buffer overflow in the imageloadfont function in gd extension"
},
{
"cve": "CVE-2008-3660",
"discovery_date": "2008-08-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "459572"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: FastCGI module DoS via multiple dots preceding the extension",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3660"
},
{
"category": "external",
"summary": "RHBZ#459572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
}
],
"release_date": "2008-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: FastCGI module DoS via multiple dots preceding the extension"
},
{
"cve": "CVE-2008-5498",
"discovery_date": "2008-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478425"
}
],
"notes": [
{
"category": "description",
"text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: libgd imagerotate() array index error memory disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5498"
},
{
"category": "external",
"summary": "RHBZ#478425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
}
],
"release_date": "2008-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: libgd imagerotate() array index error memory disclosure"
},
{
"cve": "CVE-2008-5557",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2008-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "478848"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5557"
},
{
"category": "external",
"summary": "RHBZ#478848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
},
{
"cve": "CVE-2008-5658",
"discovery_date": "2008-12-04T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
}
],
"release_date": "2008-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability"
},
{
"cve": "CVE-2008-5814",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2009-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "480167"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "php: XSS via PHP error messages",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5814"
},
{
"category": "external",
"summary": "RHBZ#480167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: XSS via PHP error messages"
},
{
"cve": "CVE-2009-0754",
"discovery_date": "2009-01-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "479272"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "PHP mbstring.func_overload web server denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0754"
},
{
"category": "external",
"summary": "RHBZ#479272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
}
],
"release_date": "2004-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "PHP mbstring.func_overload web server denial of service"
},
{
"cve": "CVE-2009-1271",
"discovery_date": "2009-02-27T00:00:00+00:00",
"notes": [
{
"category": "description",
"text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
}
],
"release_date": "2008-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-04-14T17:14:00+00:00",
"details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:0350"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-0:5.2.6-4.el5s2.src",
"5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
"5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "php: crash on malformed input in json_decode()"
}
]
}
fkie_cve-2008-5658
Vulnerability from fkie_nvd
Published
2008-12-17 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | ||
| cve@mitre.org | http://osvdb.org/50480 | ||
| cve@mitre.org | http://secunia.com/advisories/35003 | ||
| cve@mitre.org | http://secunia.com/advisories/35306 | ||
| cve@mitre.org | http://secunia.com/advisories/35650 | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0035 | ||
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1789 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2008/12/04/3 | ||
| cve@mitre.org | http://www.php.net/ChangeLog-5.php#5.2.7 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0350.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/501376/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/32625 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021303 | ||
| cve@mitre.org | http://www.sektioneins.de/advisories/SE-2008-06.txt | Exploit | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/47079 | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html | ||
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=124654546101607&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=125631037611762&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/50480 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35003 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35306 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35650 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0035 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/12/04/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.php.net/ChangeLog-5.php#5.2.7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0350.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/501376/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32625 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021303 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.sektioneins.de/advisories/SE-2008-06.txt | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/47079 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| php | php | * | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.1 | |
| php | php | 5.0.2 | |
| php | php | 5.0.3 | |
| php | php | 5.0.4 | |
| php | php | 5.0.5 | |
| php | php | 5.1.0 | |
| php | php | 5.1.1 | |
| php | php | 5.1.2 | |
| php | php | 5.1.3 | |
| php | php | 5.1.4 | |
| php | php | 5.1.5 | |
| php | php | 5.1.6 | |
| php | php | 5.2.0 | |
| php | php | 5.2.1 | |
| php | php | 5.2.2 | |
| php | php | 5.2.3 | |
| php | php | 5.2.4 | |
| php | php | 5.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCD404F-54C5-4DFF-ABC3-F0745C5BC96F",
"versionEndIncluding": "5.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funci\u00f3n ZipArchive::extractTo de PHP 5.2.6 y anteriores, permite a atacantes dependientes del contexto escribir ficheros de su elecci\u00f3n a trav\u00e9s de un archivo ZIP con un fichero que contenga la secuencia .. (punto punto)."
}
],
"id": "CVE-2008-5658",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-17T20:30:01.017",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50480"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35003"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35306"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35650"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32625"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021303"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html",
"lastModified": "2009-04-15T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTA-2009-AVI-257
Vulnerability from certfr_avis
Plusieurs vulnérabilités de HP-UX Apache Web Server Suite permettent de réaliser un déni de service à distance et d'exécuter du code arbitraire à distance.
Description
De multiples vulnérabilités liées au langage PHP, au serveur Web Apache et aux moteurs de servlet basés sur celui de Tomcat permettent à un individu distant de réaliser un déni de service ou d'exécuter du code arbitraire. Ces vulnérabilités ont été décrites dans les avis précédents du CERTA.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v3.05 (HP-UX 11iv2 et 11iv3) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v2.25 (HP-UX 11iv1).",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s li\u00e9es au langage PHP, au serveur Web Apache\net aux moteurs de servlet bas\u00e9s sur celui de Tomcat permettent \u00e0 un\nindividu distant de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire. Ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9crites dans les avis pr\u00e9c\u00e9dents\ndu CERTA.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-5557",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
},
{
"name": "CVE-2008-5625",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5625"
},
{
"name": "CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"name": "CVE-2008-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
},
{
"name": "CVE-2008-2168",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2168"
},
{
"name": "CVE-2008-2371",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
},
{
"name": "CVE-2008-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3959"
},
{
"name": "CVE-2008-5498",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
},
{
"name": "CVE-2008-2829",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
},
{
"name": "CVE-2008-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
},
{
"name": "CVE-2008-2665",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
},
{
"name": "CVE-2008-2666",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
},
{
"name": "CVE-2008-5624",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5624"
},
{
"name": "CVE-2008-5658",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
},
{
"name": "CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
}
],
"initial_release_date": "2009-06-30T00:00:00",
"last_revision_date": "2009-06-30T00:00:00",
"links": [
{
"title": "Avis CERTA-2008-AVI-417 du 08 ao\u00fbt 2008 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-417"
},
{
"title": "Avis CERTA-2008-AVI-225 du 02 mai 2008 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-225"
},
{
"title": "Avis CERTA-2008-AVI-011 du 09 janvier 2008 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-011"
},
{
"title": "Avis CERTA-2009-AVI-083 du 03 mars 2009 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-083"
},
{
"title": "Avis CERTA-2007-AVI-339 du 08 novembre 2007 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-339"
}
],
"reference": "CERTA-2009-AVI-257",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eHP-UX Apache Web Server\nSuite\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance et\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9 de HP-UX Apache Web Server Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c01756421 du 29 juin 2009",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01756421"
}
]
}
gsd-2008-5658
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-5658",
"description": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"id": "GSD-2008-5658",
"references": [
"https://www.suse.com/security/cve/CVE-2008-5658.html",
"https://www.debian.org/security/2009/dsa-1789",
"https://access.redhat.com/errata/RHSA-2009:0350"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-5658"
],
"details": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"id": "GSD-2008-5658",
"modified": "2023-12-13T01:23:04.326724Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32625"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "1021303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021303"
},
{
"name": "SSRT090085",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-06.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
},
{
"name": "FEDORA-2009-3768",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0035",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"name": "50480",
"refsource": "OSVDB",
"url": "http://osvdb.org/50480"
},
{
"name": "SSRT090192",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-ziparchive-directory-traversal(47079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "RHSA-2009:0350",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "FEDORA-2009-3848",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35003"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.2.7",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"name": "MDVSA-2009:045",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"name": "HPSBUX02431",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"name": "35306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35306"
},
{
"name": "35650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35650"
},
{
"name": "DSA-1789",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1789"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5658"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.2.7",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-06.txt",
"refsource": "MISC",
"tags": [
"Exploit"
],
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
},
{
"name": "1021303",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1021303"
},
{
"name": "32625",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/32625"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "MDVSA-2009:045",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0035",
"refsource": "CONFIRM",
"tags": [],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"name": "50480",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/50480"
},
{
"name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"name": "RHSA-2009:0350",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"name": "35003",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35003"
},
{
"name": "DSA-1789",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"name": "FEDORA-2009-3768",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"name": "35306",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35306"
},
{
"name": "FEDORA-2009-3848",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"name": "35650",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35650"
},
{
"name": "SSRT090085",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "php-ziparchive-directory-traversal(47079)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-11T20:56Z",
"publishedDate": "2008-12-17T20:30Z"
}
}
}
ghsa-3jwh-q6hx-pvmh
Vulnerability from github
Published
2022-05-14 02:39
Modified
2022-05-14 02:39
VLAI Severity ?
Details
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
{
"affected": [],
"aliases": [
"CVE-2008-5658"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-12-17T20:30:00Z",
"severity": "HIGH"
},
"details": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
"id": "GHSA-3jwh-q6hx-pvmh",
"modified": "2022-05-14T02:39:44Z",
"published": "2022-05-14T02:39:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"type": "WEB",
"url": "http://osvdb.org/50480"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35003"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35306"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35650"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1789"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-5.php#5.2.7"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/32625"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1021303"
},
{
"type": "WEB",
"url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…