Vulnerabilities > CVE-2015-3412 - 7PK - Security Features vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
php
redhat
CWE-254
nessus

Summary

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.

Vulnerable Configurations

Part Description Count
Application
Php
638
OS
Redhat
8

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2658-1.NASL
    descriptionNeal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021) Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643) Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service. (CVE-2015-4024) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code. (CVE-2015-4147) Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148) Taoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603) It was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605) It was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84563
    published2015-07-07
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84563
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2658-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84563);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/18 12:31:44");
    
      script_cve_id("CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644");
      script_bugtraq_id(73357, 74413, 74700, 74902, 74903, 74904, 75056, 75103, 75233, 75241, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292);
      script_xref(name:"USN", value:"2658-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Neal Poole and Tomas Hoger discovered that PHP incorrectly handled
    NULL bytes in file paths. A remote attacker could possibly use this
    issue to bypass intended restrictions and create or obtain access to
    sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025,
    CVE-2015-4026, CVE-2015-4598)
    
    Emmanuel Law discovered that the PHP phar extension incorrectly
    handled filenames starting with a NULL byte. A remote attacker could
    use this issue with a crafted tar archive to cause a denial of
    service. (CVE-2015-4021)
    
    Max Spelsberg discovered that PHP incorrectly handled the LIST command
    when connecting to remote FTP servers. A malicious FTP server could
    possibly use this issue to execute arbitrary code. (CVE-2015-4022,
    CVE-2015-4643)
    
    Shusheng Liu discovered that PHP incorrectly handled certain malformed
    form data. A remote attacker could use this issue with crafted form
    data to cause CPU consumption, leading to a denial of service.
    (CVE-2015-4024)
    
    Andrea Palazzo discovered that the PHP Soap client incorrectly
    validated data types. A remote attacker could use this issue with
    crafted serialized data to possibly execute arbitrary code.
    (CVE-2015-4147)
    
    Andrea Palazzo discovered that the PHP Soap client incorrectly
    validated that the uri property is a string. A remote attacker could
    use this issue with crafted serialized data to possibly obtain
    sensitive information. (CVE-2015-4148)
    
    Taoguang Chen discovered that PHP incorrectly validated data types in
    multiple locations. A remote attacker could possibly use these issues
    to obtain sensitive information or cause a denial of service.
    (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
    CVE-2015-4603)
    
    It was discovered that the PHP Fileinfo component incorrectly handled
    certain files. A remote attacker could use this issue to cause PHP to
    crash, resulting in a denial of service. This issue only affected
    Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605)
    
    It was discovered that PHP incorrectly handled table names in
    php_pgsql_meta_data. A local attacker could possibly use this issue to
    cause PHP to crash, resulting in a denial of service. (CVE-2015-4644).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2658-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/07/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|14\.10|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10 / 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libapache2-mod-php5", pkgver:"5.3.10-1ubuntu3.19")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cgi", pkgver:"5.3.10-1ubuntu3.19")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-cli", pkgver:"5.3.10-1ubuntu3.19")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"php5-fpm", pkgver:"5.3.10-1ubuntu3.19")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libapache2-mod-php5", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cgi", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-cli", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"php5-fpm", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libapache2-mod-php5", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"php5-cgi", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"php5-cli", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"php5-fpm", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"libapache2-mod-php5", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"php5-cgi", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"php5-cli", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"php5-fpm", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1544.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id124997
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124997
    titleEulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124997);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2013-4248",
        "CVE-2014-2497",
        "CVE-2014-3515",
        "CVE-2014-3668",
        "CVE-2014-3670",
        "CVE-2014-9427",
        "CVE-2014-9705",
        "CVE-2015-0231",
        "CVE-2015-3412",
        "CVE-2015-4021",
        "CVE-2015-4024",
        "CVE-2015-4148",
        "CVE-2015-4598",
        "CVE-2015-4599",
        "CVE-2015-4602",
        "CVE-2015-4603",
        "CVE-2015-4604",
        "CVE-2015-4605",
        "CVE-2018-10546",
        "CVE-2018-10548"
      );
      script_bugtraq_id(
        61776,
        66233,
        68237,
        70665,
        70666,
        71833,
        72539,
        73031,
        74700,
        74903,
        75103,
        75233,
        75241,
        75244,
        75249,
        75250,
        75251,
        75252
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the php packages installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerabilities :
    
      - An integer underflow flaw leading to out-of-bounds
        memory access was found in the way PHP's Phar extension
        parsed Phar archives. A specially crafted archive could
        cause PHP to crash or, possibly, execute arbitrary code
        when opened.(CVE-2015-4021)
    
      - An out of bounds read flaw was found in the way the
        xmlrpc extension parsed dates in the ISO 8601 format. A
        specially crafted XML-RPC request or response could
        possibly cause a PHP application to
        crash.(CVE-2014-3668)
    
      - It was found that certain PHP functions did not
        properly handle file names containing a NULL character.
        A remote attacker could possibly use this flaw to make
        a PHP script access unexpected files and bypass
        intended file system access
        restrictions.(CVE-2015-4598)
    
      - A flaw was found in the way PHP handled malformed
        source files when running in CGI mode. A specially
        crafted PHP file could cause PHP CGI to
        crash.(CVE-2014-9427)
    
      - An issue was discovered in PHP before 5.6.36, 7.0.x
        before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before
        7.2.5. ext/ldap/ldap.c allows remote LDAP servers to
        cause a denial of service (NULL pointer dereference and
        application crash) because of mishandling of the
        ldap_get_dn return value.(CVE-2018-10548)
    
      - An infinite loop vulnerability was found in
        ext/iconv/iconv.c in PHP due to the iconv stream not
        rejecting invalid multibyte sequences. A remote
        attacker could use this vulnerability to hang the php
        process and consume resources.(CVE-2018-10546)
    
      - The openssl_x509_parse function in openssl.c in the
        OpenSSL module in PHP before 5.4.18 and 5.5.x before
        5.5.2 does not properly handle a '\\0' character in a
        domain name in the Subject Alternative Name field of an
        X.509 certificate, which allows man-in-the-middle
        attackers to spoof arbitrary SSL servers via a crafted
        certificate issued by a legitimate Certification
        Authority, a related issue to
        CVE-2009-2408.(CVE-2013-4248)
    
      - A use-after-free flaw was found in the way PHP's
        unserialize() function processed data. If a remote
        attacker was able to pass crafted input to PHP's
        unserialize() function, they could cause the PHP
        interpreter to crash or, possibly, execute arbitrary
        code.(CVE-2015-0231)
    
      - A flaw was discovered in the way PHP performed object
        unserialization. Specially crafted input processed by
        the unserialize() function could cause a PHP
        application to crash or, possibly, execute arbitrary
        code.(CVE-2015-4602)
    
      - It was found that certain PHP functions did not
        properly handle file names containing a NULL character.
        A remote attacker could possibly use this flaw to make
        a PHP script access unexpected files and bypass
        intended file system access
        restrictions.(CVE-2015-3412)
    
      - The mcopy function in softmagic.c in file 5.x, as used
        in the Fileinfo component in PHP before 5.4.40, 5.5.x
        before 5.5.24, and 5.6.x before 5.6.8, does not
        properly restrict a certain offset value, which allows
        remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted string that is mishandled by a 'Python
        script text executable' rule.(CVE-2015-4605)
    
      - A heap buffer overflow flaw was found in the
        enchant_broker_request_dict() function of PHP's enchant
        extension. A specially crafted tag input could possibly
        cause a PHP application to crash.(CVE-2014-9705)
    
      - A buffer overflow flaw was found in the Exif extension.
        A specially crafted JPEG or TIFF file could cause a PHP
        application using the exif_thumbnail() function to
        crash or, possibly, execute arbitrary code with the
        privileges of the user running that PHP
        application.(CVE-2014-3670)
    
      - A flaws was discovered in the way PHP performed object
        unserialization. Specially crafted input processed by
        the unserialize() function could cause a PHP
        application to crash or, possibly, execute arbitrary
        code.(CVE-2015-4148)
    
      - A type confusion issue was found in the SPL ArrayObject
        and SPLObjectStorage classes' unserialize() method. A
        remote attacker able to submit specially crafted input
        to a PHP application, which would then unserialize this
        input using one of the aforementioned methods, could
        use this flaw to execute arbitrary code with the
        privileges of the user running that PHP
        application.(CVE-2014-3515)
    
      - The mget function in softmagic.c in file 5.x, as used
        in the Fileinfo component in PHP before 5.4.40, 5.5.x
        before 5.5.24, and 5.6.x before 5.6.8, does not
        properly maintain a certain pointer relationship, which
        allows remote attackers to cause a denial of service
        (application crash) or possibly execute arbitrary code
        via a crafted string that is mishandled by a 'Python
        script text executable' rule.(CVE-2015-4604)
    
      - A NULL pointer dereference flaw was found in the
        gdImageCreateFromXpm() function of PHP's gd extension.
        A remote attacker could use this flaw to crash a PHP
        application using gd via a specially crafted X PixMap
        (XPM) file.(CVE-2014-2497)
    
      - A flaw was found in the way PHP parsed multipart HTTP
        POST requests. A specially crafted request could cause
        PHP to use an excessive amount of CPU
        time.(CVE-2015-4024)
    
      - Multiple flaws were discovered in the way PHP's Soap
        extension performed object unserialization. Specially
        crafted input processed by the unserialize() function
        could cause a PHP application to disclose portion of
        its memory or crash.(CVE-2015-4599)
    
      - A flaw was discovered in the way PHP performed object
        unserialization. Specially crafted input processed by
        the unserialize() function could cause a PHP
        application to crash or, possibly, execute arbitrary
        code.(CVE-2015-4603)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1544
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb62c9b4");
      script_set_attribute(attribute:"solution", value:
    "Update the affected php packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["php-5.4.16-45.h9",
            "php-cli-5.4.16-45.h9",
            "php-common-5.4.16-45.h9"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1218.NASL
    descriptionFrom Red Hat Security Advisory 2015:1218 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84659
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84659
    titleOracle Linux 6 : php (ELSA-2015-1218)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1135.NASL
    descriptionFrom Red Hat Security Advisory 2015:1135 : Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84351
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84351
    titleOracle Linux 7 : php (ELSA-2015-1135)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150709_PHP_ON_SL6_X.NASL
    descriptionA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-03-18
    modified2015-07-13
    plugin id84661
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84661
    titleScientific Linux Security Update : php on SL6.x i386/x86_64 (20150709)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1135.NASL
    descriptionUpdated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84355
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84355
    titleRHEL 7 : php (RHSA-2015:1135)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1135.NASL
    descriptionUpdated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84345
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84345
    titleCentOS 7 : php (CESA-2015:1135)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1638-1.NASL
    descriptionThis update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id93161
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93161
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1253-1.NASL
    descriptionThis security update of PHP fixes the following issues : Security issues fixed : - CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS Vulnerability. - CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity. - CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that resulted in a heap overflow. - CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL. - CVE-2015-4148 [bnc#933227]: Fixed SoapClient
    last seen2020-03-24
    modified2019-01-02
    plugin id119968
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119968
    titleSUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1218.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84660
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84660
    titleRHEL 6 : php (RHSA-2015:1218)
  • NASL familyCGI abuses
    NASL idPHP_5_4_40.NASL
    descriptionAccording to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.40. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists in the GetCode_() function within file gd_gif_in.c that allows an unauthenticated, remote attacker to cause a denial of service condition or the disclosure of memory contents. (CVE-2014-9709) - A NULL pointer dereference flaw exists in the build_tablename() function within file pgsql.c in the PostgreSQL extension due to a failure to validate token extraction for table names. An authenticated, remote attacker can exploit this, via a crafted name, to cause a denial of service condition. (CVE-2015-1352) - A use-after-free error exists in the phar_rename_archive() function within file phar_object.c. An unauthenticated, remote attacker can exploit this, by attempting to rename a phar archive to an already existing file name, to cause a denial of service condition. (CVE-2015-2301) - An out-of-bounds read error exists in the Phar component due to improper validation of user-supplied input when handling phar parsing during unserialize() function calls. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2015-2783) - A memory corruption issue exists in the phar_parse_metadata() function in file ext/phar/phar.c due to improper validation of user-supplied input when parsing a specially crafted TAR archive. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-3307) - Multiple stack-based buffer overflow conditions exist in the phar_set_inode() function in file phar_internal.h when handling archive files, such as tar, zip, or phar files. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution or arbitrary code. (CVE-2015-3329) - A flaw exists in the Apache2handler SAPI component when handling pipelined HTTP requests that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-3330) - A flaw exists in multiple functions due to a failure to check for NULL byte (%00) sequences in a path when processing or reading a file. An unauthenticated, remote attacker can exploit this, via specially crafted input to an application calling those functions, to bypass intended restrictions and disclose potentially sensitive information. (CVE-2015-3411, CVE-2015-3412) - A type confusion error exists in multiple functions within file ext/soap/soap.c that is triggered when calling unserialize(). An unauthenticated, remote attacker can exploit this to disclose memory contents, cause a denial of service condition, or execute arbitrary code. (CVE-2015-4599, CVE-2015-4600) - Multiple type confusion errors exist within files ext/soap/php_encoding.c, ext/soap/php_http.c, and ext/soap/soap.c that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4601) - A type confusion error exists in the __PHP_Incomplete_Class() function within file ext/standard/incomplete_class.c that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4602) - A type confusion error exists in the exception::getTraceAsString() function within file Zend/zend_exceptions.c that allows a remote attacker to execute arbitrary code. (CVE-2015-4603) - A denial of service vulnerability exists due to a flaw in the bundled libmagic library, specifically in the mget() function within file softmagic.c. The function fails to maintain a certain pointer relationship. An unauthenticated, remote attacker can exploit this, via a crafted string, to crash the application. (CVE-2015-4604) - A denial of service vulnerability exists due to a flaw in the bundled libmagic library, specifically in the mcopy() function within file softmagic.c. The function fails to properly handle an offset that exceeds
    last seen2020-06-01
    modified2020-06-02
    plugin id83033
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83033
    titlePHP 5.4.x < 5.4.40 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-471.NASL
    descriptionThe PHP script interpreter was updated to receive various security fixes : - CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. - CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. - CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. - CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. - CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.
    last seen2020-06-05
    modified2015-07-07
    plugin id84557
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84557
    titleopenSUSE Security Update : php5 (openSUSE-2015-471)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-307.NASL
    description - CVE-2015-3307 The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. - CVE-2015-3411 + CVE-2015-3412 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) - CVE-2015-4021 The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. - CVE-2015-4022 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. - CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. - CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. - CVE-2015-4147 The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a
    last seen2020-03-17
    modified2015-09-08
    plugin id85808
    published2015-09-08
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85808
    titleDebian DLA-307-1 : php5 security update
  • NASL familyCGI abuses
    NASL idPHP_5_6_8.NASL
    descriptionAccording to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.8. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the _zend_shared_memdup() function within file ext/opcache/zend_shared_alloc.c that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2015-1351) - A NULL pointer dereference flaw exists in the build_tablename() function within file pgsql.c in the PostgreSQL extension due to a failure to validate token extraction for table names. An authenticated, remote attacker can exploit this, via a crafted name, to cause a denial of service condition. (CVE-2015-1352) - An out-of-bounds read error exists in the Phar component due to improper validation of user-supplied input when handling phar parsing during unserialize() function calls. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2015-2783) - A memory corruption issue exists in the phar_parse_metadata() function in file ext/phar/phar.c due to improper validation of user-supplied input when parsing a specially crafted TAR archive. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-3307) - Multiple stack-based buffer overflow conditions exist in the phar_set_inode() function in file phar_internal.h when handling archive files, such as tar, zip, or phar files. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution or arbitrary code. (CVE-2015-3329) - A flaw exists in the Apache2handler SAPI component when handling pipelined HTTP requests that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-3330) - A flaw exists in multiple functions due to a failure to check for NULL byte (%00) sequences in a path when processing or reading a file. An unauthenticated, remote attacker can exploit this, via specially crafted input to an application calling those functions, to bypass intended restrictions and disclose potentially sensitive information. (CVE-2015-3411, CVE-2015-3412) - A type confusion error exists in multiple functions within file ext/soap/soap.c that is triggered when calling unserialize(). An unauthenticated, remote attacker can exploit this to disclose memory contents, cause a denial of service condition, or execute arbitrary code. (CVE-2015-4599, CVE-2015-4600) - Multiple type confusion errors exist within files ext/soap/php_encoding.c, ext/soap/php_http.c, and ext/soap/soap.c that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4601) - A type confusion error exists in the __PHP_Incomplete_Class() function within file ext/standard/incomplete_class.c that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4602) - A type confusion error exists in the exception::getTraceAsString() function within file Zend/zend_exceptions.c that allows a remote attacker to execute arbitrary code. (CVE-2015-4603) - A denial of service vulnerability exists due to a flaw in the bundled libmagic library, specifically in the mget() function within file softmagic.c. The function fails to maintain a certain pointer relationship. An unauthenticated, remote attacker can exploit this, via a crafted string, to crash the application. (CVE-2015-4604) - A denial of service vulnerability exists due to a flaw in the bundled libmagic library, specifically in the mcopy() function within file softmagic.c. The function fails to properly handle an offset that exceeds
    last seen2020-06-01
    modified2020-06-02
    plugin id83035
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83035
    titlePHP 5.6.x < 5.6.8 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1265-1.NASL
    descriptionThe PHP script interpreter was updated to fix various security issues : CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. CVE-2015-4148 [bnc#933227]: Fixed a SoapClient
    last seen2020-06-01
    modified2020-06-02
    plugin id84897
    published2015-07-21
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84897
    titleSUSE SLES11 Security Update : PHP (SUSE-SU-2015:1265-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150623_PHP_ON_SL7_X.NASL
    descriptionA flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-03-18
    modified2015-06-25
    plugin id84394
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84394
    titleScientific Linux Security Update : php on SL7.x x86_64 (20150623)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL17028.NASL
    descriptionCVE-2015-3411 It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions for CVE-2015-3411. CVE-2015-3412 It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions for CVE-2015-3412.
    last seen2020-06-01
    modified2020-06-02
    plugin id88847
    published2016-02-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88847
    titleF5 Networks BIG-IP : PHP vulnerabilities (K17028)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1218.NASL
    descriptionUpdated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id84648
    published2015-07-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84648
    titleCentOS 6 : php (CESA-2015:1218)
  • NASL familyCGI abuses
    NASL idPHP_5_5_24.NASL
    descriptionAccording to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified use-after-free error exists in the _zend_shared_memdup() function within file ext/opcache/zend_shared_alloc.c that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2015-1351) - A NULL pointer dereference flaw exists in the build_tablename() function within file pgsql.c in the PostgreSQL extension due to a failure to validate token extraction for table names. An authenticated, remote attacker can exploit this, via a crafted name, to cause a denial of service condition. (CVE-2015-1352) - An out-of-bounds read error exists in the Phar component due to improper validation of user-supplied input when handling phar parsing during unserialize() function calls. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2015-2783) - A memory corruption issue exists in the phar_parse_metadata() function in file ext/phar/phar.c due to improper validation of user-supplied input when parsing a specially crafted TAR archive. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-3307) - Multiple stack-based buffer overflow conditions exist in the phar_set_inode() function in file phar_internal.h when handling archive files, such as tar, zip, or phar files. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution or arbitrary code. (CVE-2015-3329) - A flaw exists in the Apache2handler SAPI component when handling pipelined HTTP requests that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-3330) - A flaw exists in multiple functions due to a failure to check for NULL byte (%00) sequences in a path when processing or reading a file. An unauthenticated, remote attacker can exploit this, via specially crafted input to an application calling those functions, to bypass intended restrictions and disclose potentially sensitive information. (CVE-2015-3411, CVE-2015-3412) - A type confusion error exists in multiple functions within file ext/soap/soap.c that is triggered when calling unserialize(). An unauthenticated, remote attacker can exploit this to disclose memory contents, cause a denial of service condition, or execute arbitrary code. (CVE-2015-4599, CVE-2015-4600) - Multiple type confusion errors exist within files ext/soap/php_encoding.c, ext/soap/php_http.c, and ext/soap/soap.c that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4601) - A type confusion error exists in the __PHP_Incomplete_Class() function within file ext/standard/incomplete_class.c that allows an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4602) - A type confusion error exists in the exception::getTraceAsString() function within file Zend/zend_exceptions.c that allows a remote attacker to execute arbitrary code. (CVE-2015-4603) - A denial of service vulnerability exists due to a flaw in the bundled libmagic library, specifically in the mget() function within file softmagic.c. The function fails to maintain a certain pointer relationship. An unauthenticated, remote attacker can exploit this, via a crafted string, to crash the application. (CVE-2015-4604) - A denial of service vulnerability exists due to a flaw in the bundled libmagic library, specifically in the mcopy() function within file softmagic.c. The function fails to properly handle an offset that exceeds
    last seen2020-06-01
    modified2020-06-02
    plugin id83034
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83034
    titlePHP 5.5.x < 5.5.24 Multiple Vulnerabilities

Redhat

advisories
  • rhsa
    idRHSA-2015:1135
  • rhsa
    idRHSA-2015:1186
  • rhsa
    idRHSA-2015:1187
  • rhsa
    idRHSA-2015:1218
rpms
  • php54-0:2.0-1.el6
  • php54-0:2.0-1.el7
  • php54-php-0:5.4.40-1.el6
  • php54-php-0:5.4.40-1.el7
  • php54-php-bcmath-0:5.4.40-1.el6
  • php54-php-bcmath-0:5.4.40-1.el7
  • php54-php-cli-0:5.4.40-1.el6
  • php54-php-cli-0:5.4.40-1.el7
  • php54-php-common-0:5.4.40-1.el6
  • php54-php-common-0:5.4.40-1.el7
  • php54-php-dba-0:5.4.40-1.el6
  • php54-php-dba-0:5.4.40-1.el7
  • php54-php-debuginfo-0:5.4.40-1.el6
  • php54-php-debuginfo-0:5.4.40-1.el7
  • php54-php-devel-0:5.4.40-1.el6
  • php54-php-devel-0:5.4.40-1.el7
  • php54-php-enchant-0:5.4.40-1.el6
  • php54-php-enchant-0:5.4.40-1.el7
  • php54-php-fpm-0:5.4.40-1.el6
  • php54-php-fpm-0:5.4.40-1.el7
  • php54-php-gd-0:5.4.40-1.el6
  • php54-php-gd-0:5.4.40-1.el7
  • php54-php-imap-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el7
  • php54-php-ldap-0:5.4.40-1.el6
  • php54-php-ldap-0:5.4.40-1.el7
  • php54-php-mbstring-0:5.4.40-1.el6
  • php54-php-mbstring-0:5.4.40-1.el7
  • php54-php-mysqlnd-0:5.4.40-1.el6
  • php54-php-mysqlnd-0:5.4.40-1.el7
  • php54-php-odbc-0:5.4.40-1.el6
  • php54-php-odbc-0:5.4.40-1.el7
  • php54-php-pdo-0:5.4.40-1.el6
  • php54-php-pdo-0:5.4.40-1.el7
  • php54-php-pecl-zendopcache-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-0:7.0.4-3.el7
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el7
  • php54-php-pgsql-0:5.4.40-1.el6
  • php54-php-pgsql-0:5.4.40-1.el7
  • php54-php-process-0:5.4.40-1.el6
  • php54-php-process-0:5.4.40-1.el7
  • php54-php-pspell-0:5.4.40-1.el6
  • php54-php-pspell-0:5.4.40-1.el7
  • php54-php-recode-0:5.4.40-1.el6
  • php54-php-recode-0:5.4.40-1.el7
  • php54-php-snmp-0:5.4.40-1.el6
  • php54-php-snmp-0:5.4.40-1.el7
  • php54-php-soap-0:5.4.40-1.el6
  • php54-php-soap-0:5.4.40-1.el7
  • php54-php-tidy-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el7
  • php54-php-xmlrpc-0:5.4.40-1.el6
  • php54-php-xmlrpc-0:5.4.40-1.el7
  • php54-runtime-0:2.0-1.el6
  • php54-runtime-0:2.0-1.el7
  • php54-scldevel-0:2.0-1.el6
  • php54-scldevel-0:2.0-1.el7
  • php-0:5.4.16-36.ael7b_1
  • php-0:5.4.16-36.el7_1
  • php-bcmath-0:5.4.16-36.ael7b_1
  • php-bcmath-0:5.4.16-36.el7_1
  • php-cli-0:5.4.16-36.ael7b_1
  • php-cli-0:5.4.16-36.el7_1
  • php-common-0:5.4.16-36.ael7b_1
  • php-common-0:5.4.16-36.el7_1
  • php-dba-0:5.4.16-36.ael7b_1
  • php-dba-0:5.4.16-36.el7_1
  • php-debuginfo-0:5.4.16-36.ael7b_1
  • php-debuginfo-0:5.4.16-36.el7_1
  • php-devel-0:5.4.16-36.ael7b_1
  • php-devel-0:5.4.16-36.el7_1
  • php-embedded-0:5.4.16-36.ael7b_1
  • php-embedded-0:5.4.16-36.el7_1
  • php-enchant-0:5.4.16-36.ael7b_1
  • php-enchant-0:5.4.16-36.el7_1
  • php-fpm-0:5.4.16-36.ael7b_1
  • php-fpm-0:5.4.16-36.el7_1
  • php-gd-0:5.4.16-36.ael7b_1
  • php-gd-0:5.4.16-36.el7_1
  • php-intl-0:5.4.16-36.ael7b_1
  • php-intl-0:5.4.16-36.el7_1
  • php-ldap-0:5.4.16-36.ael7b_1
  • php-ldap-0:5.4.16-36.el7_1
  • php-mbstring-0:5.4.16-36.ael7b_1
  • php-mbstring-0:5.4.16-36.el7_1
  • php-mysql-0:5.4.16-36.ael7b_1
  • php-mysql-0:5.4.16-36.el7_1
  • php-mysqlnd-0:5.4.16-36.ael7b_1
  • php-mysqlnd-0:5.4.16-36.el7_1
  • php-odbc-0:5.4.16-36.ael7b_1
  • php-odbc-0:5.4.16-36.el7_1
  • php-pdo-0:5.4.16-36.ael7b_1
  • php-pdo-0:5.4.16-36.el7_1
  • php-pgsql-0:5.4.16-36.ael7b_1
  • php-pgsql-0:5.4.16-36.el7_1
  • php-process-0:5.4.16-36.ael7b_1
  • php-process-0:5.4.16-36.el7_1
  • php-pspell-0:5.4.16-36.ael7b_1
  • php-pspell-0:5.4.16-36.el7_1
  • php-recode-0:5.4.16-36.ael7b_1
  • php-recode-0:5.4.16-36.el7_1
  • php-snmp-0:5.4.16-36.ael7b_1
  • php-snmp-0:5.4.16-36.el7_1
  • php-soap-0:5.4.16-36.ael7b_1
  • php-soap-0:5.4.16-36.el7_1
  • php-xml-0:5.4.16-36.ael7b_1
  • php-xml-0:5.4.16-36.el7_1
  • php-xmlrpc-0:5.4.16-36.ael7b_1
  • php-xmlrpc-0:5.4.16-36.el7_1
  • php55-php-0:5.5.21-4.el6
  • php55-php-0:5.5.21-4.el7
  • php55-php-bcmath-0:5.5.21-4.el6
  • php55-php-bcmath-0:5.5.21-4.el7
  • php55-php-cli-0:5.5.21-4.el6
  • php55-php-cli-0:5.5.21-4.el7
  • php55-php-common-0:5.5.21-4.el6
  • php55-php-common-0:5.5.21-4.el7
  • php55-php-dba-0:5.5.21-4.el6
  • php55-php-dba-0:5.5.21-4.el7
  • php55-php-debuginfo-0:5.5.21-4.el6
  • php55-php-debuginfo-0:5.5.21-4.el7
  • php55-php-devel-0:5.5.21-4.el6
  • php55-php-devel-0:5.5.21-4.el7
  • php55-php-enchant-0:5.5.21-4.el6
  • php55-php-enchant-0:5.5.21-4.el7
  • php55-php-fpm-0:5.5.21-4.el6
  • php55-php-fpm-0:5.5.21-4.el7
  • php55-php-gd-0:5.5.21-4.el6
  • php55-php-gd-0:5.5.21-4.el7
  • php55-php-gmp-0:5.5.21-4.el6
  • php55-php-gmp-0:5.5.21-4.el7
  • php55-php-imap-0:5.5.21-4.el6
  • php55-php-intl-0:5.5.21-4.el6
  • php55-php-intl-0:5.5.21-4.el7
  • php55-php-ldap-0:5.5.21-4.el6
  • php55-php-ldap-0:5.5.21-4.el7
  • php55-php-mbstring-0:5.5.21-4.el6
  • php55-php-mbstring-0:5.5.21-4.el7
  • php55-php-mysqlnd-0:5.5.21-4.el6
  • php55-php-mysqlnd-0:5.5.21-4.el7
  • php55-php-odbc-0:5.5.21-4.el6
  • php55-php-odbc-0:5.5.21-4.el7
  • php55-php-opcache-0:5.5.21-4.el6
  • php55-php-opcache-0:5.5.21-4.el7
  • php55-php-pdo-0:5.5.21-4.el6
  • php55-php-pdo-0:5.5.21-4.el7
  • php55-php-pgsql-0:5.5.21-4.el6
  • php55-php-pgsql-0:5.5.21-4.el7
  • php55-php-process-0:5.5.21-4.el6
  • php55-php-process-0:5.5.21-4.el7
  • php55-php-pspell-0:5.5.21-4.el6
  • php55-php-pspell-0:5.5.21-4.el7
  • php55-php-recode-0:5.5.21-4.el6
  • php55-php-recode-0:5.5.21-4.el7
  • php55-php-snmp-0:5.5.21-4.el6
  • php55-php-snmp-0:5.5.21-4.el7
  • php55-php-soap-0:5.5.21-4.el6
  • php55-php-soap-0:5.5.21-4.el7
  • php55-php-tidy-0:5.5.21-4.el6
  • php55-php-xml-0:5.5.21-4.el6
  • php55-php-xml-0:5.5.21-4.el7
  • php55-php-xmlrpc-0:5.5.21-4.el6
  • php55-php-xmlrpc-0:5.5.21-4.el7
  • rh-php56-php-0:5.6.5-7.el6
  • rh-php56-php-0:5.6.5-7.el7
  • rh-php56-php-bcmath-0:5.6.5-7.el6
  • rh-php56-php-bcmath-0:5.6.5-7.el7
  • rh-php56-php-cli-0:5.6.5-7.el6
  • rh-php56-php-cli-0:5.6.5-7.el7
  • rh-php56-php-common-0:5.6.5-7.el6
  • rh-php56-php-common-0:5.6.5-7.el7
  • rh-php56-php-dba-0:5.6.5-7.el6
  • rh-php56-php-dba-0:5.6.5-7.el7
  • rh-php56-php-dbg-0:5.6.5-7.el6
  • rh-php56-php-dbg-0:5.6.5-7.el7
  • rh-php56-php-debuginfo-0:5.6.5-7.el6
  • rh-php56-php-debuginfo-0:5.6.5-7.el7
  • rh-php56-php-devel-0:5.6.5-7.el6
  • rh-php56-php-devel-0:5.6.5-7.el7
  • rh-php56-php-embedded-0:5.6.5-7.el6
  • rh-php56-php-embedded-0:5.6.5-7.el7
  • rh-php56-php-enchant-0:5.6.5-7.el6
  • rh-php56-php-enchant-0:5.6.5-7.el7
  • rh-php56-php-fpm-0:5.6.5-7.el6
  • rh-php56-php-fpm-0:5.6.5-7.el7
  • rh-php56-php-gd-0:5.6.5-7.el6
  • rh-php56-php-gd-0:5.6.5-7.el7
  • rh-php56-php-gmp-0:5.6.5-7.el6
  • rh-php56-php-gmp-0:5.6.5-7.el7
  • rh-php56-php-imap-0:5.6.5-7.el6
  • rh-php56-php-intl-0:5.6.5-7.el6
  • rh-php56-php-intl-0:5.6.5-7.el7
  • rh-php56-php-ldap-0:5.6.5-7.el6
  • rh-php56-php-ldap-0:5.6.5-7.el7
  • rh-php56-php-mbstring-0:5.6.5-7.el6
  • rh-php56-php-mbstring-0:5.6.5-7.el7
  • rh-php56-php-mysqlnd-0:5.6.5-7.el6
  • rh-php56-php-mysqlnd-0:5.6.5-7.el7
  • rh-php56-php-odbc-0:5.6.5-7.el6
  • rh-php56-php-odbc-0:5.6.5-7.el7
  • rh-php56-php-opcache-0:5.6.5-7.el6
  • rh-php56-php-opcache-0:5.6.5-7.el7
  • rh-php56-php-pdo-0:5.6.5-7.el6
  • rh-php56-php-pdo-0:5.6.5-7.el7
  • rh-php56-php-pgsql-0:5.6.5-7.el6
  • rh-php56-php-pgsql-0:5.6.5-7.el7
  • rh-php56-php-process-0:5.6.5-7.el6
  • rh-php56-php-process-0:5.6.5-7.el7
  • rh-php56-php-pspell-0:5.6.5-7.el6
  • rh-php56-php-pspell-0:5.6.5-7.el7
  • rh-php56-php-recode-0:5.6.5-7.el6
  • rh-php56-php-recode-0:5.6.5-7.el7
  • rh-php56-php-snmp-0:5.6.5-7.el6
  • rh-php56-php-snmp-0:5.6.5-7.el7
  • rh-php56-php-soap-0:5.6.5-7.el6
  • rh-php56-php-soap-0:5.6.5-7.el7
  • rh-php56-php-tidy-0:5.6.5-7.el6
  • rh-php56-php-xml-0:5.6.5-7.el6
  • rh-php56-php-xml-0:5.6.5-7.el7
  • rh-php56-php-xmlrpc-0:5.6.5-7.el6
  • rh-php56-php-xmlrpc-0:5.6.5-7.el7
  • php-0:5.3.3-46.el6_6
  • php-bcmath-0:5.3.3-46.el6_6
  • php-cli-0:5.3.3-46.el6_6
  • php-common-0:5.3.3-46.el6_6
  • php-dba-0:5.3.3-46.el6_6
  • php-debuginfo-0:5.3.3-46.el6_6
  • php-devel-0:5.3.3-46.el6_6
  • php-embedded-0:5.3.3-46.el6_6
  • php-enchant-0:5.3.3-46.el6_6
  • php-fpm-0:5.3.3-46.el6_6
  • php-gd-0:5.3.3-46.el6_6
  • php-imap-0:5.3.3-46.el6_6
  • php-intl-0:5.3.3-46.el6_6
  • php-ldap-0:5.3.3-46.el6_6
  • php-mbstring-0:5.3.3-46.el6_6
  • php-mysql-0:5.3.3-46.el6_6
  • php-odbc-0:5.3.3-46.el6_6
  • php-pdo-0:5.3.3-46.el6_6
  • php-pgsql-0:5.3.3-46.el6_6
  • php-process-0:5.3.3-46.el6_6
  • php-pspell-0:5.3.3-46.el6_6
  • php-recode-0:5.3.3-46.el6_6
  • php-snmp-0:5.3.3-46.el6_6
  • php-soap-0:5.3.3-46.el6_6
  • php-tidy-0:5.3.3-46.el6_6
  • php-xml-0:5.3.3-46.el6_6
  • php-xmlrpc-0:5.3.3-46.el6_6
  • php-zts-0:5.3.3-46.el6_6