Vulnerabilities > CVE-2007-5898 - Unspecified vulnerability in PHP

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
php
nessus

Summary

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

Vulnerable Configurations

Part Description Count
Application
Php
333

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-628-1.NASL
    descriptionIt was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782) Maksymilian Arciemowicz discovered a flaw in the cURL library that allowed safe_mode and open_basedir restrictions to be bypassed. If a PHP application were tricked into processing a bad file:// request, an attacker could read arbitrary files. (CVE-2007-4850) Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. This issue affects Ubuntu 8.04 LTS, and an updated fix is included for Ubuntu 6.06 LTS, 7.04 and 7.10. (CVE-2007-5898) It was discovered that the output_add_rewrite_var function would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user
    last seen2020-06-01
    modified2020-06-02
    plugin id33575
    published2008-07-24
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33575
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1444.NASL
    descriptionIt was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA. For reference the original advisory below : Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3799 It was discovered that the session_start() function allowed the insertion of attributes into the session cookie. - CVE-2007-3998 Mattias Bengtsson and Philip Olausson discovered that a programming error in the implementation of the wordwrap() function allowed denial of service through an infinite loop. - CVE-2007-4658 Stanislav Malyshev discovered that a format string vulnerability in the money_format() function could allow the execution of arbitrary code. - CVE-2007-4659 Stefan Esser discovered that execution control flow inside the zend_alter_ini_entry() function is handled incorrectly in case of a memory limit violation. - CVE-2007-4660 Gerhard Wagner discovered an integer overflow inside the chunk_split() function. - CVE-2007-5898 Rasmus Lerdorf discovered that incorrect parsing of multibyte sequences may lead to disclosure of memory contents. - CVE-2007-5899 It was discovered that the output_add_rewrite_var() function could leak session ID information, resulting in information disclosure. This update also fixes two bugs from the PHP 5.2.4 release which don
    last seen2020-06-01
    modified2020-06-02
    plugin id29838
    published2008-01-04
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29838
    titleDebian DSA-1444-2 : php5 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-4810.NASL
    descriptionThis update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities (CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898) - overly long arguments to the dl() function could crash php (CVE-2007-4825) - overy long arguments to the glob() function could crash php (CVE-2007-4782) - overly long arguments to some iconv functions could crash php (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661) - Flaws in the GD extension could lead to integer overflows (CVE-2007-3996) - The money_format function contained format string flaws (CVE-2007-4658) - Data for some time zones has been updated
    last seen2020-06-01
    modified2020-06-02
    plugin id29878
    published2008-01-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29878
    titleopenSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-4808.NASL
    descriptionThis update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities. (CVE-2007-1659 / CVE-2006-7230 / CVE-2007-1660 / CVE-2006-7227 / CVE-2005-4872 / CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overy long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658) - Data for some time zones has been updated
    last seen2020-06-01
    modified2020-06-02
    plugin id29780
    published2007-12-24
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29780
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0545.NASL
    descriptionUpdated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33511
    published2008-07-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33511
    titleRHEL 4 : php (RHSA-2008:0545)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0545.NASL
    descriptionUpdated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43693
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43693
    titleCentOS 4 : php (CESA-2008:0545)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12049.NASL
    descriptionThis update fixes multiple bugs in php : - several problems in pcre (CVE-2007-1660, CVE-2006-7225, CVE-2006-7224, CVE-2006-7226 CVE-2007-1659, CVE-2006-7230) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. (CVE-2007-5898) - overly long arguments to the dl() function could crash php. (CVE-2007-4825) - overy long arguments to the glob() function could crash php. (CVE-2007-4782) - overly long arguments to some iconv functions could crash php. (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php. (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception. (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php. (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow. (CVE-2007-4661, CVE-2007-2872) - Flaws in the GD extension could lead to integer overflows. (CVE-2007-3996) - The money_format function contained format string flaws. (CVE-2007-4658)
    last seen2020-06-01
    modified2020-06-02
    plugin id41187
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41187
    titleSuSE9 Security Update : PHP4 (YOU Patch Number 12049)
  • NASL familyCGI abuses
    NASL idPHP_5_2_5.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is older than 5.2.5. Such versions may be affected by various issues, including but not limited to several buffer overflows.
    last seen2020-06-01
    modified2020-06-02
    plugin id28181
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28181
    titlePHP < 5.2.5 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0546.NASL
    descriptionUpdated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33512
    published2008-07-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33512
    titleRHEL 2.1 : php (RHSA-2008:0546)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0545.NASL
    descriptionFrom Red Hat Security Advisory 2008:0545 : Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id67712
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67712
    titleOracle Linux 4 : php (ELSA-2008-0545)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080716_PHP_ON_SL5_X.NASL
    descriptionIt was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id60445
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60445
    titleScientific Linux Security Update : php on SL5.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-126.NASL
    descriptionA number of vulnerabilities have been found and corrected in PHP : PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with
    last seen2020-06-01
    modified2020-06-02
    plugin id37584
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37584
    titleMandriva Linux Security Advisory : php (MDVSA-2008:126)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0544.NASL
    descriptionFrom Red Hat Security Advisory 2008:0544 : Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id67711
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67711
    titleOracle Linux 3 / 5 : php (ELSA-2008-0544)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-549-2.NASL
    descriptionUSN-549-1 fixed vulnerabilities in PHP. However, some upstream changes were incomplete, which caused crashes in certain situations with Ubuntu 7.10. This update fixes the problem. We apologize for the inconvenience. It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998) Integer overflows were discovered in the strspn and strcspn functions. Attackers could exploit this to read arbitrary areas of memory, possibly gaining access to sensitive information. (CVE-2007-4657) Stanislav Malyshev discovered that money_format function did not correctly handle certain tokens. If a PHP application were tricked into processing a bad format string, a remote attacker could execute arbitrary code with application privileges. (CVE-2007-4658) It was discovered that the php_openssl_make_REQ function did not correctly check buffer lengths. A remote attacker could send a specially crafted message and execute arbitrary code with application privileges. (CVE-2007-4662) It was discovered that certain characters in session cookies were not handled correctly. A remote attacker could injection values which could lead to altered application behavior, potentially gaining additional privileges. (CVE-2007-3799) Gerhard Wagner discovered that the chunk_split function did not correctly handle long strings. A remote attacker could exploit this to execute arbitrary code with application privileges. (CVE-2007-2872, CVE-2007-4660, CVE-2007-4661) Stefan Esser discovered that deeply nested arrays could be made to fill stack space. A remote attacker could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-1285, CVE-2007-4670) Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. (CVE-2007-5898) It was discovered that the output_add_rewrite_var fucntion would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user
    last seen2020-06-01
    modified2020-06-02
    plugin id29213
    published2007-12-04
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29213
    titleUbuntu 7.10 : php5 regression (USN-549-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0544.NASL
    descriptionUpdated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33510
    published2008-07-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33510
    titleRHEL 3 / 5 : php (RHSA-2008:0544)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080716_PHP_ON_SL4_X.NASL
    descriptionIt was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id60444
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60444
    titleScientific Linux Security Update : php on SL4.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3864.NASL
    descriptionThis release updates PHP to the latest upstream version 5.2.6, fixing multiple bugs and security issues. See upstream release notes for further details: http://www.php.net/releases/5_2_5.php http://www.php.net/releases/5_2_6.php It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. An attacker could use this flaw to conduct cross-site scripting attack against users of such browsers. (CVE-2007-5898) It was discovered that a PHP script using the transparent session ID configuration option, or using the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form which is posted to a third-party website, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33232
    published2008-06-24
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33232
    titleFedora 8 : php-5.2.6-2.fc8 (2008-3864)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-4909.NASL
    descriptionThis update fixes multiple bugs in php by upgrading it to version 5.2.5. - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898) - overly long arguments to the dl() function could crash php (CVE-2007-4825) - overy long arguments to the glob() function could crash php (CVE-2007-4782) - overly long arguments to some iconv functions could crash php (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php (CVE-2007-4784) - the wordwrap-Function could cause a floating point exception (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661, CVE-2007-2872) - Flaws in the GD extension could lead to integer overflows (CVE-2007-3996) - The money_format function contained format string flaws (CVE-2007-4658) - Data for some time zones has been updated - php5 has been updated to version 5.2.5 to fix those problems
    last seen2020-06-01
    modified2020-06-02
    plugin id30092
    published2008-01-27
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30092
    titleopenSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4909)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-127.NASL
    descriptionA number of vulnerabilities have been found and corrected in PHP : The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors (CVE-2007-5898). The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL (CVE-2007-5899). php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors (CVE-2008-0599). The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters (CVE-2008-2051). Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems (CVE-2008-2107, CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request (CVE-2008-2829). In addition, this update also corrects an issue with some float to string conversions. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38042
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38042
    titleMandriva Linux Security Advisory : php (MDVSA-2008:127)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0544.NASL
    descriptionUpdated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051) PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898) A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external websites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user
    last seen2020-06-01
    modified2020-06-02
    plugin id33524
    published2008-07-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33524
    titleCentOS 3 / 5 : php (CESA-2008:0544)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-549-1.NASL
    descriptionIt was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998) Integer overflows were discovered in the strspn and strcspn functions. Attackers could exploit this to read arbitrary areas of memory, possibly gaining access to sensitive information. (CVE-2007-4657) Stanislav Malyshev discovered that money_format function did not correctly handle certain tokens. If a PHP application were tricked into processing a bad format string, a remote attacker could execute arbitrary code with application privileges. (CVE-2007-4658) It was discovered that the php_openssl_make_REQ function did not correctly check buffer lengths. A remote attacker could send a specially crafted message and execute arbitrary code with application privileges. (CVE-2007-4662) It was discovered that certain characters in session cookies were not handled correctly. A remote attacker could injection values which could lead to altered application behavior, potentially gaining additional privileges. (CVE-2007-3799) Gerhard Wagner discovered that the chunk_split function did not correctly handle long strings. A remote attacker could exploit this to execute arbitrary code with application privileges. (CVE-2007-2872, CVE-2007-4660, CVE-2007-4661) Stefan Esser discovered that deeply nested arrays could be made to fill stack space. A remote attacker could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-1285, CVE-2007-4670) Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. (CVE-2007-5898) It was discovered that the output_add_rewrite_var fucntion would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user
    last seen2020-06-01
    modified2020-06-02
    plugin id28372
    published2007-11-30
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28372
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : php5 vulnerabilities (USN-549-1)

Oval

accepted2013-04-29T04:01:19.944-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
familyunix
idoval:org.mitre.oval:def:10080
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
version27

Redhat

advisories
  • rhsa
    idRHSA-2008:0505
  • rhsa
    idRHSA-2008:0544
  • rhsa
    idRHSA-2008:0545
  • rhsa
    idRHSA-2008:0546
  • rhsa
    idRHSA-2008:0582
rpms
  • httpd-0:2.2.8-1.el5s2
  • httpd-debuginfo-0:2.2.8-1.el5s2
  • httpd-devel-0:2.2.8-1.el5s2
  • httpd-manual-0:2.2.8-1.el5s2
  • mod_jk-ap20-0:1.2.26-1.el5s2
  • mod_jk-debuginfo-0:1.2.26-1.el5s2
  • mod_perl-0:2.0.4-3.el5s2
  • mod_perl-debuginfo-0:2.0.4-3.el5s2
  • mod_perl-devel-0:2.0.4-3.el5s2
  • mod_ssl-1:2.2.8-1.el5s2
  • mysql-0:5.0.50sp1a-2.el5s2
  • mysql-bench-0:5.0.50sp1a-2.el5s2
  • mysql-cluster-0:5.0.50sp1a-2.el5s2
  • mysql-connector-odbc-0:3.51.24r1071-1.el5s2
  • mysql-connector-odbc-debuginfo-0:3.51.24r1071-1.el5s2
  • mysql-debuginfo-0:5.0.50sp1a-2.el5s2
  • mysql-devel-0:5.0.50sp1a-2.el5s2
  • mysql-jdbc-0:5.0.8-1jpp.1.el5s2
  • mysql-libs-0:5.0.50sp1a-2.el5s2
  • mysql-server-0:5.0.50sp1a-2.el5s2
  • mysql-test-0:5.0.50sp1a-2.el5s2
  • perl-DBD-MySQL-0:4.006-1.el5s2
  • perl-DBD-MySQL-debuginfo-0:4.006-1.el5s2
  • perl-DBI-0:1.604-1.el5s2
  • perl-DBI-debuginfo-0:1.604-1.el5s2
  • php-0:5.2.6-2.el5s2
  • php-bcmath-0:5.2.6-2.el5s2
  • php-cli-0:5.2.6-2.el5s2
  • php-common-0:5.2.6-2.el5s2
  • php-dba-0:5.2.6-2.el5s2
  • php-debuginfo-0:5.2.6-2.el5s2
  • php-devel-0:5.2.6-2.el5s2
  • php-gd-0:5.2.6-2.el5s2
  • php-imap-0:5.2.6-2.el5s2
  • php-ldap-0:5.2.6-2.el5s2
  • php-mbstring-0:5.2.6-2.el5s2
  • php-mysql-0:5.2.6-2.el5s2
  • php-ncurses-0:5.2.6-2.el5s2
  • php-odbc-0:5.2.6-2.el5s2
  • php-pdo-0:5.2.6-2.el5s2
  • php-pgsql-0:5.2.6-2.el5s2
  • php-snmp-0:5.2.6-2.el5s2
  • php-soap-0:5.2.6-2.el5s2
  • php-xml-0:5.2.6-2.el5s2
  • php-xmlrpc-0:5.2.6-2.el5s2
  • postgresql-0:8.2.9-1.el5s2
  • postgresql-contrib-0:8.2.9-1.el5s2
  • postgresql-debuginfo-0:8.2.9-1.el5s2
  • postgresql-devel-0:8.2.9-1.el5s2
  • postgresql-docs-0:8.2.9-1.el5s2
  • postgresql-jdbc-0:8.2.508-1jpp.el5s2
  • postgresql-jdbc-debuginfo-0:8.2.508-1jpp.el5s2
  • postgresql-libs-0:8.2.9-1.el5s2
  • postgresql-odbc-0:08.02.0500-1.el5s2
  • postgresql-odbc-debuginfo-0:08.02.0500-1.el5s2
  • postgresql-plperl-0:8.2.9-1.el5s2
  • postgresql-plpython-0:8.2.9-1.el5s2
  • postgresql-pltcl-0:8.2.9-1.el5s2
  • postgresql-python-0:8.2.9-1.el5s2
  • postgresql-server-0:8.2.9-1.el5s2
  • postgresql-tcl-0:8.2.9-1.el5s2
  • postgresql-test-0:8.2.9-1.el5s2
  • postgresqlclient81-0:8.1.11-1.el5s2
  • postgresqlclient81-debuginfo-0:8.1.11-1.el5s2
  • unixODBC-0:2.2.12-8.el5s2
  • unixODBC-debuginfo-0:2.2.12-8.el5s2
  • unixODBC-devel-0:2.2.12-8.el5s2
  • unixODBC-kde-0:2.2.12-8.el5s2
  • php-0:4.3.2-48.ent
  • php-0:5.1.6-20.el5_2.1
  • php-bcmath-0:5.1.6-20.el5_2.1
  • php-cli-0:5.1.6-20.el5_2.1
  • php-common-0:5.1.6-20.el5_2.1
  • php-dba-0:5.1.6-20.el5_2.1
  • php-debuginfo-0:4.3.2-48.ent
  • php-debuginfo-0:5.1.6-20.el5_2.1
  • php-devel-0:4.3.2-48.ent
  • php-devel-0:5.1.6-20.el5_2.1
  • php-gd-0:5.1.6-20.el5_2.1
  • php-imap-0:4.3.2-48.ent
  • php-imap-0:5.1.6-20.el5_2.1
  • php-ldap-0:4.3.2-48.ent
  • php-ldap-0:5.1.6-20.el5_2.1
  • php-mbstring-0:5.1.6-20.el5_2.1
  • php-mysql-0:4.3.2-48.ent
  • php-mysql-0:5.1.6-20.el5_2.1
  • php-ncurses-0:5.1.6-20.el5_2.1
  • php-odbc-0:4.3.2-48.ent
  • php-odbc-0:5.1.6-20.el5_2.1
  • php-pdo-0:5.1.6-20.el5_2.1
  • php-pgsql-0:4.3.2-48.ent
  • php-pgsql-0:5.1.6-20.el5_2.1
  • php-snmp-0:5.1.6-20.el5_2.1
  • php-soap-0:5.1.6-20.el5_2.1
  • php-xml-0:5.1.6-20.el5_2.1
  • php-xmlrpc-0:5.1.6-20.el5_2.1
  • php-0:4.3.9-3.22.12
  • php-debuginfo-0:4.3.9-3.22.12
  • php-devel-0:4.3.9-3.22.12
  • php-domxml-0:4.3.9-3.22.12
  • php-gd-0:4.3.9-3.22.12
  • php-imap-0:4.3.9-3.22.12
  • php-ldap-0:4.3.9-3.22.12
  • php-mbstring-0:4.3.9-3.22.12
  • php-mysql-0:4.3.9-3.22.12
  • php-ncurses-0:4.3.9-3.22.12
  • php-odbc-0:4.3.9-3.22.12
  • php-pear-0:4.3.9-3.22.12
  • php-pgsql-0:4.3.9-3.22.12
  • php-snmp-0:4.3.9-3.22.12
  • php-xmlrpc-0:4.3.9-3.22.12
  • php-0:4.1.2-2.20
  • php-devel-0:4.1.2-2.20
  • php-imap-0:4.1.2-2.20
  • php-ldap-0:4.1.2-2.20
  • php-manual-0:4.1.2-2.20
  • php-mysql-0:4.1.2-2.20
  • php-odbc-0:4.1.2-2.20
  • php-pgsql-0:4.1.2-2.20
  • php-0:5.1.6-3.el4s1.10
  • php-bcmath-0:5.1.6-3.el4s1.10
  • php-cli-0:5.1.6-3.el4s1.10
  • php-common-0:5.1.6-3.el4s1.10
  • php-dba-0:5.1.6-3.el4s1.10
  • php-debuginfo-0:5.1.6-3.el4s1.10
  • php-devel-0:5.1.6-3.el4s1.10
  • php-gd-0:5.1.6-3.el4s1.10
  • php-imap-0:5.1.6-3.el4s1.10
  • php-ldap-0:5.1.6-3.el4s1.10
  • php-mbstring-0:5.1.6-3.el4s1.10
  • php-mysql-0:5.1.6-3.el4s1.10
  • php-ncurses-0:5.1.6-3.el4s1.10
  • php-odbc-0:5.1.6-3.el4s1.10
  • php-pdo-0:5.1.6-3.el4s1.10
  • php-pgsql-0:5.1.6-3.el4s1.10
  • php-snmp-0:5.1.6-3.el4s1.10
  • php-soap-0:5.1.6-3.el4s1.10
  • php-xml-0:5.1.6-3.el4s1.10
  • php-xmlrpc-0:5.1.6-3.el4s1.10

Statements

contributorMark J Cox
lastmodified2008-08-07
organizationRed Hat
statementThis issue was fixed in all affected PHP versions shipped in Red Hat products. For list of security advisories, visit: https://rhn.redhat.com/errata/CVE-2007-5898.html

References