Vulnerabilities > CVE-2009-4017 - Allocation of Resources Without Limits or Throttling vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
php
debian
apple
CWE-770
nessus
exploit available

Summary

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Vulnerable Configurations

Part Description Count
Application
Php
384
OS
Debian
3
OS
Apple
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Locate and Exploit Test APIs
    An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.
  • Flooding
    An attacker consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow control in management of interactions. Since each request consumes some of the target's resources, if a sufficiently large number of requests must be processed at the same time then the target's resources can be exhausted. The degree to which the attack is successful depends upon the volume of requests in relation to the amount of the resource the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquired additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more resources the attacker may need to have at their disposal. A typical TCP/IP flooding attack is a Distributed Denial-of-Service attack where many machines simultaneously make a large number of requests to a target. Against a target with strong defenses and a large pool of resources, many tens of thousands of attacking machines may be required. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the attacker can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
  • Excessive Allocation
    An attacker causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request. For example, using an Integer Attack, the attacker could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target.
  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.

Exploit-Db

descriptionPHP "multipart/form-data" Denial of Service Exploit (Python). CVE-2009-4017. Dos exploit for php platform
idEDB-ID:10242
last seen2016-02-01
modified2009-11-27
published2009-11-27
reporterEren
sourcehttps://www.exploit-db.com/download/10242/
titlePHP < 5.3.1 - "multipart/form-data" Denial of Service Exploit Python

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-0495.NASL
    descriptionUpdate to the latest PHP 5.2 release which focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. See http://www.php.net/releases/5_2_12.php for more details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47186
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47186
    titleFedora 11 : maniadrive-1.2-17.fc11 / php-5.2.12-1.fc11 (2010-0495)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_39A25A63EB5C11DEB65000215C6A37BB.NASL
    descriptionPHP developers reports : This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12 : - Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) - Added
    last seen2020-06-01
    modified2020-06-02
    plugin id43342
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43342
    titleFreeBSD : php -- multiple vulnerabilities (39a25a63-eb5c-11de-b650-00215c6a37bb)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201001-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201001-03 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below and the associated PHP release notes for details. Impact : A context-dependent attacker could execute arbitrary code via a specially crafted string containing an HTML entity when the mbstring extension is enabled. Furthermore a remote attacker could execute arbitrary code via a specially crafted GD graphics file. A remote attacker could also cause a Denial of Service via a malformed string passed to the json_decode() function, via a specially crafted ZIP file passed to the php_zip_make_relative_path() function, via a malformed JPEG image passed to the exif_read_data() function, or via temporary file exhaustion. It is also possible for an attacker to spoof certificates, bypass various safe_mode and open_basedir restrictions when certain criteria are met, perform Cross-site scripting attacks, more easily perform SQL injection attacks, manipulate settings of other virtual hosts on the same server via a malicious .htaccess entry when running on Apache, disclose memory portions, and write arbitrary files via a specially crafted ZIP archive. Some vulnerabilities with unknown impact and attack vectors have been reported as well. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id44892
    published2010-02-25
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44892
    titleGLSA-201001-03 : PHP: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-6846.NASL
    descriptionThis update of PHP5 fixes : - CVE-2008-5625: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5814: CVSS v2 Base Score: 2.6 (LOW) (AV:N/AC:H/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79) CVE-2009-2626: CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:P): Other (CWE-Other) CVE-2009-2687: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20) CVE-2009-3546: CVSS v2 Base Score: 4.4 (moderate) (AV:L/AC:M/Au:N/C:P/I:P/A:P): Other (CWE-Other) CVE-2009-4017: CVSS v2 Base Score: 5.0 (moderate) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Other (CWE-Other) CVE-2009-4142: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS). (CWE-79). (CVE-2008-5624: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264))
    last seen2020-06-01
    modified2020-06-02
    plugin id44687
    published2010-02-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44687
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 6846)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-024-02.NASL
    descriptionNew php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44121
    published2010-01-25
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44121
    titleSlackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : php (SSA:2010-024-02)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-304.NASL
    descriptionSome vulnerabilities were discovered and corrected in php : PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017). The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42918
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42918
    titleMandriva Linux Security Advisory : php (MDVSA-2009:304)
  • NASL familyWeb Servers
    NASL idHPSMH_6_2_0_12.NASL
    descriptionAccording to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 6.2. Such versions are reportedly affected by the following vulnerabilities : - Session renegotiations are not handled properly, which could be exploited to insert arbitrary plaintext in a man-in-the-middle attack. (CVE-2009-3555) - An attacker may be able to upload files using a POST request with
    last seen2020-06-01
    modified2020-06-02
    plugin id49272
    published2010-09-17
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49272
    titleHP System Management Homepage < 6.2 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100113_PHP_ON_SL3_X.NASL
    descriptionCVE-2009-2687 php: exif_read_data crash on corrupted JPEG files CVE-2009-3292 php: exif extension: Multiple missing sanity checks in EXIF file processing CVE-2009-3291 php: openssl extension: Incorrect verification of SSL certificate with NUL in name CVE-2009-3546 gd: insufficient input validation in _gdGetColors() CVE-2009-4017 PHP: resource exhaustion attack via upload requests with lots of files CVE-2009-4142 php: htmlspecialchars() insufficient checking of input for multi-byte encodings Multiple missing input sanitization flaws were discovered in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id60723
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60723
    titleScientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_APACHE2-MOD_PHP5-100212.NASL
    descriptionThis update of php5 fixes: CVE-2008-5624: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5625: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5814: CVSS v2 Base Score: 2.6 (LOW) (AV:N/AC:H/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79) CVE-2009-2626: CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:P): Other (CWE-Other) CVE-2009-2687: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20) CVE-2009-3546: CVSS v2 Base Score: 4.4 (moderate) (AV:L/AC:M/Au:N/C:P/I:P/A:P): Other (CWE-Other) CVE-2009-4017: CVSS v2 Base Score: 5.0 (moderate) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Other (CWE-Other) CVE-2009-4142: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79)
    last seen2020-06-01
    modified2020-06-02
    plugin id44678
    published2010-02-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44678
    titleopenSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-324.NASL
    descriptionMultiple vulnerabilities was discovered and corrected in php : The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file (CVE-2008-7068). The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function (CVE-2009-1271). - Fixed upstream bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files) (CVE-2009-2687). The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates (CVE-2009-3291). Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. (CVE-2009-3292) Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. (CVE-2009-3293) The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third-party information (CVE-2009-3546). The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments (CVE-2009-3557). The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file (CVE-2009-3558). PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017). The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018). The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file (CVE-2008-7068). The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates (CVE-2009-3291). Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. (CVE-2009-3292) Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. (CVE-2009-3293). However in Mandriva we don
    last seen2020-06-01
    modified2020-06-02
    plugin id43043
    published2009-12-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43043
    titleMandriva Linux Security Advisory : php (MDVSA-2009:324)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id45372
    published2010-03-29
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45372
    titleMac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idPHP_5_2_12.NASL
    descriptionAccording to its banner, the version of PHP installed on the remote host is older than 5.2.12. Such versions may be affected by several security issues : - It is possible to bypass the
    last seen2020-06-01
    modified2020-06-02
    plugin id43351
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43351
    titlePHP < 5.2.12 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0040.NASL
    descriptionUpdated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id43878
    published2010-01-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43878
    titleCentOS 3 / 4 / 5 : php (CESA-2010:0040)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0040.NASL
    descriptionFrom Red Hat Security Advisory 2010:0040 : Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id67986
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67986
    titleOracle Linux 3 / 4 / 5 : php (ELSA-2010-0040)
  • NASL familyCGI abuses
    NASL idPHP_5_3_1.NASL
    descriptionAccording to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.1. Such versions may be affected by several security issues : - Sanity checks are missing in exif processing. - It is possible to bypass the
    last seen2020-06-01
    modified2020-06-02
    plugin id42862
    published2009-11-20
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42862
    titlePHP 5.3 < 5.3.1 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0040.NASL
    descriptionUpdated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id43883
    published2010-01-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43883
    titleRHEL 3 / 4 / 5 : php (RHSA-2010:0040)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_APACHE2-MOD_PHP5-100212.NASL
    descriptionThis update of php5 fixes: CVE-2008-5624: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5625: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5814: CVSS v2 Base Score: 2.6 (LOW) (AV:N/AC:H/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79) CVE-2009-2626: CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:P): Other (CWE-Other) CVE-2009-2687: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20) CVE-2009-3546: CVSS v2 Base Score: 4.4 (moderate) (AV:L/AC:M/Au:N/C:P/I:P/A:P): Other (CWE-Other) CVE-2009-4017: CVSS v2 Base Score: 5.0 (moderate) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Other (CWE-Other) CVE-2009-4142: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79)
    last seen2020-06-01
    modified2020-06-02
    plugin id44680
    published2010-02-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44680
    titleopenSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_APACHE2-MOD_PHP5-100215.NASL
    descriptionThis update of php5 fixes: CVE-2008-5624: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5625: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5814: CVSS v2 Base Score: 2.6 (LOW) (AV:N/AC:H/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79) CVE-2009-2626: CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:P): Other (CWE-Other) CVE-2009-2687: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20) CVE-2009-3546: CVSS v2 Base Score: 4.4 (moderate) (AV:L/AC:M/Au:N/C:P/I:P/A:P): Other (CWE-Other) CVE-2009-4017: CVSS v2 Base Score: 5.0 (moderate) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Other (CWE-Other) CVE-2009-4142: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79)
    last seen2020-06-01
    modified2020-06-02
    plugin id44683
    published2010-02-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44683
    titleopenSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP5-100212.NASL
    descriptionThis update of PHP5 fixes : - CVE-2008-5624: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) : Permissions, Privileges, and Access Control (CWE-264) - CVE-2008-5625: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) : Permissions, Privileges, and Access Control (CWE-264) - Cross-Site Scripting (XSS). (CWE-79). (CVE-2008-5814: CVSS v2 Base Score: 2.6 (LOW) (AV:N/AC:H/Au:N/C:N/I:P/A:N)) - CVE-2009-2626: CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:P) : Other (CWE-Other) - CVE-2009-2687: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P) : Input Validation (CWE-20) - CVE-2009-3546: CVSS v2 Base Score: 4.4 (moderate) (AV:L/AC:M/Au:N/C:P/I:P/A:P) : Other (CWE-Other) - CVE-2009-4017: CVSS v2 Base Score: 5.0 (moderate) (AV:N/AC:L/Au:N/C:N/I:N/A:P) : Other (CWE-Other) - Cross-Site Scripting (XSS) (CWE-79). (CVE-2009-4142: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N))
    last seen2020-06-01
    modified2020-06-02
    plugin id44686
    published2010-02-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44686
    titleSuSE 11 Security Update : PHP5 (SAT Patch Number 1978)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-303.NASL
    descriptionSome vulnerabilities were discovered and corrected in php-5.2.11 : The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments (CVE-2009-3557). The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file (CVE-2009-3558). PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017). The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018). Intermittent segfaults occured on x86_64 with the latest phpmyadmin and with apache (#53735). Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id48159
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48159
    titleMandriva Linux Security Advisory : php (MDVSA-2009:303)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-6847.NASL
    descriptionThis update of PHP5 fixes : - CVE-2008-5625: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264) CVE-2008-5814: CVSS v2 Base Score: 2.6 (LOW) (AV:N/AC:H/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79) CVE-2009-2626: CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:P): Other (CWE-Other) CVE-2009-2687: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Input Validation (CWE-20) CVE-2009-3546: CVSS v2 Base Score: 4.4 (moderate) (AV:L/AC:M/Au:N/C:P/I:P/A:P): Other (CWE-Other) CVE-2009-4017: CVSS v2 Base Score: 5.0 (moderate) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Other (CWE-Other) CVE-2009-4142: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS). (CWE-79). (CVE-2008-5624: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P): Permissions, Privileges, and Access Control (CWE-264))
    last seen2020-06-01
    modified2020-06-02
    plugin id49829
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49829
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 6847)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-862-1.NASL
    descriptionMaksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. (CVE-2008-7068) It was discovered that PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id42930
    published2009-11-30
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42930
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-862-1)

Oval

  • accepted2013-04-29T04:06:02.748-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionPHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
    familyunix
    idoval:org.mitre.oval:def:10483
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titlePHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
    version27
  • accepted2015-04-20T04:02:32.498-04:00
    classvulnerability
    contributors
    • nameChandan M C
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionPHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
    familyunix
    idoval:org.mitre.oval:def:6667
    statusaccepted
    submitted2010-10-25T11:50:46.000-05:00
    titleHP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)
    version48

Redhat

rpms
  • php-0:4.3.2-54.ent
  • php-0:4.3.9-3.29
  • php-0:5.1.6-24.el5_4.5
  • php-bcmath-0:5.1.6-24.el5_4.5
  • php-cli-0:5.1.6-24.el5_4.5
  • php-common-0:5.1.6-24.el5_4.5
  • php-dba-0:5.1.6-24.el5_4.5
  • php-debuginfo-0:4.3.2-54.ent
  • php-debuginfo-0:4.3.9-3.29
  • php-debuginfo-0:5.1.6-24.el5_4.5
  • php-devel-0:4.3.2-54.ent
  • php-devel-0:4.3.9-3.29
  • php-devel-0:5.1.6-24.el5_4.5
  • php-domxml-0:4.3.9-3.29
  • php-gd-0:4.3.9-3.29
  • php-gd-0:5.1.6-24.el5_4.5
  • php-imap-0:4.3.2-54.ent
  • php-imap-0:4.3.9-3.29
  • php-imap-0:5.1.6-24.el5_4.5
  • php-ldap-0:4.3.2-54.ent
  • php-ldap-0:4.3.9-3.29
  • php-ldap-0:5.1.6-24.el5_4.5
  • php-mbstring-0:4.3.9-3.29
  • php-mbstring-0:5.1.6-24.el5_4.5
  • php-mysql-0:4.3.2-54.ent
  • php-mysql-0:4.3.9-3.29
  • php-mysql-0:5.1.6-24.el5_4.5
  • php-ncurses-0:4.3.9-3.29
  • php-ncurses-0:5.1.6-24.el5_4.5
  • php-odbc-0:4.3.2-54.ent
  • php-odbc-0:4.3.9-3.29
  • php-odbc-0:5.1.6-24.el5_4.5
  • php-pdo-0:5.1.6-24.el5_4.5
  • php-pear-0:4.3.9-3.29
  • php-pgsql-0:4.3.2-54.ent
  • php-pgsql-0:4.3.9-3.29
  • php-pgsql-0:5.1.6-24.el5_4.5
  • php-snmp-0:4.3.9-3.29
  • php-snmp-0:5.1.6-24.el5_4.5
  • php-soap-0:5.1.6-24.el5_4.5
  • php-xml-0:5.1.6-24.el5_4.5
  • php-xmlrpc-0:4.3.9-3.29
  • php-xmlrpc-0:5.1.6-24.el5_4.5