Vulnerabilities > CVE-2010-3710 - Resource Management Errors vulnerability in PHP

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
php
CWE-399
nessus

Summary

Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_APACHE2-MOD_PHP5-101105.NASL
    descriptionInsufficient handling of certain character sequences in the utf8_decode() function could be leveraged to conduct cross-site-scripting (XSS) attacks (CVE-2010-3870). php5 could also consume large amounts of memory and crash if a long mail address was passed to filter_var() with parmeter FILTER_VALIDATE_EMAIL (CVE-2010-3710).
    last seen2020-06-01
    modified2020-06-02
    plugin id53652
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53652
    titleopenSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:1012-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2195.NASL
    descriptionStephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441 ). When upgrading your php5-common package take special care to acceptthe changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable.
    last seen2020-03-17
    modified2011-03-21
    plugin id52719
    published2011-03-21
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52719
    titleDebian DSA-2195-1 : php5 - several vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0196.NASL
    descriptionUpdated php53 packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id53416
    published2011-04-15
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53416
    titleCentOS 5 : php53 (CESA-2011:0196)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways. A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56459
    published2011-10-12
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56459
    titleGLSA-201110-06 : PHP: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0196.NASL
    descriptionUpdated php53 packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id51867
    published2011-02-04
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51867
    titleRHEL 5 : php53 (RHSA-2011:0196)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-18976.NASL
    descriptionSecurity Enhancements and Fixes in PHP 5.3.4 : - Fixed crash in zip extract method (possible CWE-170). - Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). - Fixed possible flaw in open_basedir (CVE-2010-3436). - Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). - Fixed symbolic resolution support when the target is a DFS share. - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). Key Bug Fixes in PHP 5.3.4 include : - Added stat support for zip stream. - Added follow_location (enabled by default) option for the http stream support. - Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. Full upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4 This update also provides php-eaccelerator and maniadrive packages rebuild against update php. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51412
    published2011-01-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51412
    titleFedora 14 : maniadrive-1.2-23.fc14 / php-5.3.4-1.fc14.1 / php-eaccelerator-0.9.6.1-3.fc14 (2010-18976)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C623F05810E711E0BECC0022156E8794.NASL
    descriptionThe following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15 : Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
    last seen2020-06-01
    modified2020-06-02
    plugin id51507
    published2011-01-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51507
    titleFreeBSD : php-filter -- Denial of Service (c623f058-10e7-11e0-becc-0022156e8794)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-MOD_PHP5-101105.NASL
    descriptionThe following issues have been fixed : - Insufficient handling of certain character sequences in the utf8_decode() function could be leveraged to conduct cross-site scripting (XSS) attacks. (CVE-2010-3870) - php5 could also consume large amounts of memory and crash if a long mail address was passed to filter_var() with parmeter FILTER_VALIDATE_EMAIL. (CVE-2010-3710)
    last seen2020-06-01
    modified2020-06-02
    plugin id50973
    published2010-12-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50973
    titleSuSE 11 / 11.1 Security Update : PHP5 (SAT Patch Numbers 3489 / 3490)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-254.NASL
    descriptionThis is a maintenance and security update that upgrades php to 5.3.4 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.4 : - Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). - Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus values) (CVE-2010-4409) Please note that CVE-2010-4150, CVE-2010-3870, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710 were fixed in previous advisories. Key Bug Fixes in PHP 5.3.4 include : - Added stat support for zip stream. - Added follow_location (enabled by default) option for the http stream support. - Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. - Multiple improvements to the FPM SAPI. - Over 100 other bug fixes. Additional post 5.3.4 fixes : - Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). - Fixed bug #53541 (format string bug in ext/phar). Additionally some of the PECL extensions has been upgraded and/or rebuilt for the new php version.
    last seen2020-06-01
    modified2020-06-02
    plugin id51196
    published2010-12-16
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51196
    titleMandriva Linux Security Advisory : php (MDVSA-2010:254)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-218.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in php : Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string (CVE-2010-3710). A NULL pointer dereference was discovered in ZipArchive::getArchiveComment (CVE-2010-3709). A possible flaw was discovered in open_basedir (CVE-2010-3436). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50429
    published2010-11-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50429
    titleMandriva Linux Security Advisory : php (MDVSA-2010:218)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-19011.NASL
    descriptionSecurity Enhancements and Fixes in PHP 5.3.4 : - Fixed crash in zip extract method (possible CWE-170). - Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). - Fixed possible flaw in open_basedir (CVE-2010-3436). - Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). - Fixed symbolic resolution support when the target is a DFS share. - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). Key Bug Fixes in PHP 5.3.4 include : - Added stat support for zip stream. - Added follow_location (enabled by default) option for the http stream support. - Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. - Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. Full upstream Changelog : http://www.php.net/ChangeLog-5.php#5.3.4 This update also provides php-eaccelerator and maniadrive packages rebuild against update php. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51413
    published2011-01-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51413
    titleFedora 13 : maniadrive-1.2-23.fc13 / php-5.3.4-1.fc13.1 / php-eaccelerator-0.9.6.1-3.fc13 (2010-19011)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_7.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id52754
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52754
    titleMac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110203_PHP53_ON_SL5_X.NASL
    descriptionA flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id60948
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60948
    titleScientific Linux Security Update : php53 on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_APACHE2-MOD_PHP5-101110.NASL
    descriptionInsufficient handling of certain character sequences in the utf8_decode() function could be leveraged to conduct cross-site-scripting (XSS) attacks (CVE-2010-3870). php5 could also consume large amounts of memory and crash if a long mail address was passed to filter_var() with parmeter FILTER_VALIDATE_EMAIL (CVE-2010-3710).
    last seen2020-06-01
    modified2020-06-02
    plugin id75430
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75430
    titleopenSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:1012-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0196.NASL
    descriptionFrom Red Hat Security Advisory 2011:0196 : Updated php53 packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id68192
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68192
    titleOracle Linux 5 : php53 (ELSA-2011-0196)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_APACHE2-MOD_PHP5-101110.NASL
    descriptionInsufficient handling of certain character sequences in the utf8_decode() function could be leveraged to conduct cross-site-scripting (XSS) attacks (CVE-2010-3870). php5 could also consume large amounts of memory and crash if a long mail address was passed to filter_var() with parmeter FILTER_VALIDATE_EMAIL (CVE-2010-3710).
    last seen2020-06-01
    modified2020-06-02
    plugin id53694
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53694
    titleopenSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2010:1012-1)
  • NASL familyCGI abuses
    NASL idPHP_5_3_4.NASL
    descriptionAccording to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.4. Such versions may be affected by several security issues : - A crash in the zip extract method. - A stack-based buffer overflow in impagepstext() of the GD extension. - An unspecified vulnerability related to symbolic resolution when using a DFS share. - A security bypass vulnerability related to using pathnames containing NULL bytes. (CVE-2006-7243) - Multiple format string vulnerabilities. (CVE-2010-2094, CVE-2010-2950) - An unspecified security bypass vulnerability in open_basedir(). (CVE-2010-3436) - A NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709) - Memory corruption in php_filter_validate_email(). (CVE-2010-3710) - An input validation vulnerability in xml_utf8_decode(). (CVE-2010-3870) - A possible double free in the IMAP extension. (CVE-2010-4150) - An information disclosure vulnerability in
    last seen2020-06-01
    modified2020-06-02
    plugin id51140
    published2010-12-13
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51140
    titlePHP 5.3 < 5.3.4 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1042-1.NASL
    descriptionIt was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2009-5016) It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. (CVE-2010-3870) It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. (CVE-2010-3436) Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3709) It was discovered that a stack consumption vulnerability in the filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3710) It was discovered that the mb_strcut function in the Libmbfl library within PHP could allow an attacker to read arbitrary memory within the application process. This issue only affected Ubuntu 10.10. (CVE-2010-4156) Maksymilian Arciemowicz discovered that an integer overflow in the NumberFormatter::getSymbol function could allow an attacker to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2010-4409) Rick Regan discovered that when handing PHP textual representations of the largest subnormal double-precision floating-point number, the zend_strtod function could go into an infinite loop on 32bit x86 processors, allowing an attacker to cause a denial of service. (CVE-2010-4645). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51502
    published2011-01-12
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51502
    titleUbuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : php5 vulnerabilities (USN-1042-1)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL13519.NASL
    descriptionPHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products : CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. CVE-2010-3710 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. CVE-2010-3870 The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. CVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. CVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. CVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. CVE-2011-3268 Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
    last seen2020-06-01
    modified2020-06-02
    plugin id78134
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78134
    titleF5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-MOD_PHP5-7221.NASL
    descriptionThe following issues have been fixed : - Insufficient handling of certain character sequences in the utf8_decode() function could be leveraged to conduct cross-site scripting (XSS) attacks. (CVE-2010-3870) - php5 could also consume large amounts of memory and crash if a long mail address was passed to filter_var() with the parameter FILTER_VALIDATE_EMAIL. (CVE-2010-3710)
    last seen2020-06-01
    modified2020-06-02
    plugin id50975
    published2010-12-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50975
    titleSuSE 10 Security Update : PHP5 (ZYPP Patch Number 7221)

Redhat

advisories
rhsa
idRHSA-2011:0196
rpms
  • php53-0:5.3.3-1.el5_6.1
  • php53-bcmath-0:5.3.3-1.el5_6.1
  • php53-cli-0:5.3.3-1.el5_6.1
  • php53-common-0:5.3.3-1.el5_6.1
  • php53-dba-0:5.3.3-1.el5_6.1
  • php53-debuginfo-0:5.3.3-1.el5_6.1
  • php53-devel-0:5.3.3-1.el5_6.1
  • php53-gd-0:5.3.3-1.el5_6.1
  • php53-imap-0:5.3.3-1.el5_6.1
  • php53-intl-0:5.3.3-1.el5_6.1
  • php53-ldap-0:5.3.3-1.el5_6.1
  • php53-mbstring-0:5.3.3-1.el5_6.1
  • php53-mysql-0:5.3.3-1.el5_6.1
  • php53-odbc-0:5.3.3-1.el5_6.1
  • php53-pdo-0:5.3.3-1.el5_6.1
  • php53-pgsql-0:5.3.3-1.el5_6.1
  • php53-process-0:5.3.3-1.el5_6.1
  • php53-pspell-0:5.3.3-1.el5_6.1
  • php53-snmp-0:5.3.3-1.el5_6.1
  • php53-soap-0:5.3.3-1.el5_6.1
  • php53-xml-0:5.3.3-1.el5_6.1
  • php53-xmlrpc-0:5.3.3-1.el5_6.1