Vulnerabilities > CVE-2015-4148 - Improper Input Validation vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nessus

exploit available

NVD

Published: 2015-06-09

Updated: 2018-01-05

Summary

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X 10.5.5 Apple MAC OS X 10.5.6 Apple MAC OS X 10.5.7 Apple MAC OS X 10.5.8 Apple MAC OS X 10.6.0 Apple MAC OS X 10.6.1 Apple MAC OS X 10.6.2 Apple MAC OS X 10.6.3 Apple MAC OS X 10.6.4 Apple MAC OS X 10.6.5 Apple MAC OS X 10.6.6 Apple MAC OS X 10.6.7 Apple MAC OS X 10.6.8 Apple MAC OS X 10.7.0 Apple MAC OS X 10.7.1 Apple MAC OS X 10.7.2 Apple MAC OS X 10.7.3 Apple MAC OS X 10.7.4 Apple MAC OS X 10.7.5 Apple MAC OS X 10.8.0 Apple MAC OS X 10.8.1 Apple MAC OS X 10.8.2 Apple MAC OS X 10.8.3 Apple MAC OS X 10.8.4 Apple MAC OS X 10.8.5 Apple MAC OS X 10.9 Apple MAC OS X 10.9.1 Apple MAC OS X 10.9.2 Apple MAC OS X 10.9.3 Apple MAC OS X 10.9.4 Apple MAC OS X 10.9.5 Apple MAC OS X 10.10.0 Apple MAC OS X 10.10.1 Apple MAC OS X 10.10.2 Apple MAC OS X 10.10.3 Apple MAC OS X 10.10.4	91
OS	Redhat Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux HPC Node 7.0 Redhat Enterprise Linux HPC Node EUS 7.1 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Server EUS 7.1 Redhat Enterprise Linux Workstation 7.0	6
Application	Php PHP PHP - PHP PHP 0.1 PHP PHP 0.1.1 PHP PHP 0.2 PHP PHP 0.2.0 PHP PHP 0.2.1 PHP PHP 0.2.2 PHP PHP 0.2.3 PHP PHP 0.2.4 PHP PHP 0.3 PHP PHP 0.4 PHP PHP 0.5 PHP PHP 0.5.2 PHP PHP 0.5.3 PHP PHP 0.6 PHP PHP 0.7 PHP PHP 0.9 PHP PHP 0.9.0 PHP PHP 0.9.1 PHP PHP 0.9.2 PHP PHP 0.9.3 PHP PHP 0.9.4 PHP PHP 0.10 PHP PHP 0.11 PHP PHP 0.90 PHP PHP 0.91 PHP PHP 1.0 PHP PHP 1.0.0 PHP PHP 1.0.1 PHP PHP 1.0.2 PHP PHP 1.0.3 PHP PHP 1.0.4 PHP PHP 1.1 PHP PHP 1.1.0 PHP PHP 1.1.1 PHP PHP 1.2 PHP PHP 1.2.0 PHP PHP 1.2.1 PHP PHP 1.2.2 PHP PHP 1.2.3 PHP PHP 1.2.4 PHP PHP 1.2.5 PHP PHP 1.3 PHP PHP 1.3.1 PHP PHP 1.3.5 PHP PHP 1.4 PHP PHP 1.5 PHP PHP 2.0 PHP PHP 2.0.0 PHP PHP 2.0.1 PHP PHP 2.0.2 PHP PHP 2.0B10 PHP PHP 3.0 PHP PHP 3.0.1 PHP PHP 3.0.2 PHP PHP 3.0.3 PHP PHP 3.0.4 PHP PHP 3.0.5 PHP PHP 3.0.6 PHP PHP 3.0.7 PHP PHP 3.0.8 PHP PHP 3.0.9 PHP PHP 3.0.10 PHP PHP 3.0.11 PHP PHP 3.0.12 PHP PHP 3.0.13 PHP PHP 3.0.14 PHP PHP 3.0.15 PHP PHP 3.0.16 PHP PHP 3.0.17 PHP PHP 3.0.18 PHP PHP 4.0 PHP PHP 4.0.0 PHP PHP 4.0.1 PHP PHP 4.0.2 PHP PHP 4.0.3 PHP PHP 4.0.4 PHP PHP 4.0.5 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.1.0 PHP PHP 4.1.1 PHP PHP 4.1.2 PHP PHP 4.1.3 PHP PHP 4.2 PHP PHP 4.2.0 PHP PHP 4.2.1 PHP PHP 4.2.2 PHP PHP 4.2.3 PHP PHP 4.2.4 PHP PHP 4.3 PHP PHP 4.3.0 PHP PHP 4.3.1 PHP PHP 4.3.2 PHP PHP 4.3.3 PHP PHP 4.3.4 PHP PHP 4.3.5 PHP PHP 4.3.6 PHP PHP 4.3.7 PHP PHP 4.3.8 PHP PHP 4.3.9 PHP PHP 4.3.10 PHP PHP 4.3.11 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 4.4.3 PHP PHP 4.4.4 PHP PHP 4.4.5 PHP PHP 4.4.6 PHP PHP 4.4.7 PHP PHP 4.4.8 PHP PHP 4.4.9 PHP PHP 5.0.0 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.3 PHP PHP 5.0.4 PHP PHP 5.0.5 PHP PHP 5.1 PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP PHP 5.1.4 PHP PHP 5.1.5 PHP PHP 5.1.6 PHP PHP 5.2.0 PHP PHP 5.2.1 PHP PHP 5.2.2 PHP PHP 5.2.3 PHP PHP 5.2.4 PHP PHP 5.2.5 PHP PHP 5.2.6 PHP PHP 5.2.7 PHP PHP 5.2.8 PHP PHP 5.2.9 PHP PHP 5.2.10 PHP PHP 5.2.11 PHP PHP 5.2.12 PHP PHP 5.2.13 PHP PHP 5.2.14 PHP PHP 5.2.15 PHP PHP 5.2.16 PHP PHP 5.2.17 PHP PHP 5.3.0 PHP PHP 5.3.1 PHP PHP 5.3.2 PHP PHP 5.3.3 PHP PHP 5.3.4 PHP PHP 5.3.5 PHP PHP 5.3.6 PHP PHP 5.3.7 PHP PHP 5.3.8 PHP PHP 5.3.9 PHP PHP 5.3.10 PHP PHP 5.3.11 PHP PHP 5.3.12 PHP PHP 5.3.13 PHP PHP 5.3.14 PHP PHP 5.3.15 PHP PHP 5.3.16 PHP PHP 5.3.17 PHP PHP 5.3.18 PHP PHP 5.3.19 PHP PHP 5.3.20 PHP PHP 5.3.21 PHP PHP 5.3.22 PHP PHP 5.3.23 PHP PHP 5.3.24 PHP PHP 5.3.25 PHP PHP 5.3.26 PHP PHP 5.3.27 PHP PHP 5.3.28 PHP PHP 5.3.29 PHP PHP 5.4.0 PHP PHP 5.4.1 PHP PHP 5.4.2 PHP PHP 5.4.3 PHP PHP 5.4.4 PHP PHP 5.4.5 PHP PHP 5.4.6 PHP PHP 5.4.7 PHP PHP 5.4.8 PHP PHP 5.4.9 PHP PHP 5.4.10 PHP PHP 5.4.11 PHP PHP 5.4.12 PHP PHP 5.4.13 PHP PHP 5.4.14 PHP PHP 5.4.15 PHP PHP 5.4.16 PHP PHP 5.4.17 PHP PHP 5.4.18 PHP PHP 5.4.19 PHP PHP 5.4.20 PHP PHP 5.4.21 PHP PHP 5.4.22 PHP PHP 5.4.23 PHP PHP 5.4.24 PHP PHP 5.4.25 PHP PHP 5.4.26 PHP PHP 5.4.27 PHP PHP 5.4.28 PHP PHP 5.4.29 PHP PHP 5.4.30 PHP PHP 5.4.31 PHP PHP 5.4.32 PHP PHP 5.4.33 PHP PHP 5.4.34 PHP PHP 5.4.35 PHP PHP 5.4.36 PHP PHP 5.4.37 PHP PHP 5.4.38 PHP PHP 5.5.0 PHP PHP 5.5.1 PHP PHP 5.5.2 PHP PHP 5.5.3 PHP PHP 5.5.4 PHP PHP 5.5.5 PHP PHP 5.5.6 PHP PHP 5.5.7 PHP PHP 5.5.8 PHP PHP 5.5.9 PHP PHP 5.5.10 PHP PHP 5.5.11 PHP PHP 5.5.12 PHP PHP 5.5.13 PHP PHP 5.5.14 PHP PHP 5.5.18 PHP PHP 5.5.19 PHP PHP 5.5.20 PHP PHP 5.5.21 PHP PHP 5.5.22 PHP PHP 5.6.0 PHP PHP 5.6.2 PHP PHP 5.6.3 PHP PHP 5.6.4 PHP PHP 5.6.5 PHP PHP 5.6.6	648

Common Weakness Enumeration (CWE)

CWE-20 - Improper Input Validation

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Server Side Include (SSI) Injection
An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
Cross Site Scripting through Log Files
An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
Command Line Execution through SQL Injection
An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Exploit-Db

description	SMF (Simple Machine Forum) <= 2.0.10 - Remote Memory Exfiltration Exploit. CVE-2015-4148. Webapps exploit for php platform
id	EDB-ID:38304
last seen	2016-02-04
modified	2015-09-24
published	2015-09-24
reporter	Filippo Roncari
source	https://www.exploit-db.com/download/38304/
title	SMF Simple Machine Forum <= 2.0.10 - Remote Memory Exfiltration Exploit

Nessus

NASL family	CGI abuses
NASL id	PHP_5_6_7.NASL
description	According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.7. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function
last seen	2020-06-01
modified	2020-06-02
plugin id	82027
published	2015-03-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82027
title	PHP 5.6.x < 5.6.7 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(82027); script_version("1.15"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2015-0231", "CVE-2015-2305", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-2787", "CVE-2015-4147", "CVE-2015-4148" ); script_bugtraq_id( 72539, 73182, 73357, 73381, 73383, 73385, 73431, 73434, 75103 ); script_name(english:"PHP 5.6.x < 5.6.7 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PHP."); script_set_attribute(attribute:"synopsis", value: "The remote web server uses a version of PHP that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.7. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue is due to an incomplete fix for CVE-2014-8142. (CVE-2015-0231) - An integer overflow error exists in function 'regcomp' in the Henry Spencer regex library, due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2305) - An integer overflow error exists in the '_zip_cdir_new' function, due to improper validation of user-supplied input. An attacker, using a crafted ZIP archive, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-2331) - A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (CVE-2015-2348) - A user-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-2787) - A type confusion vulnerability in the SoapClient's __call() function in ext/soap/soap.c could allow a remote attacker to execute arbitrary code by providing crafted serialized data with an unexpected data type (CVE-2015-4147, CVE-2015-4148) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.6.7"); script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=69207"); script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68976"); script_set_attribute(attribute:"solution", value: "Upgrade to PHP version 5.6.7 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4147"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("php_version.nasl"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); php = get_php_from_kb( port : port, exit_on_fail : TRUE ); version = php["ver"]; source = php["src"]; backported = get_kb_item('www/php/'+port+'/'+version+'/backported'); if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install"); # Check that it is the correct version of PHP if (version =~ "^5(\.6)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version); if (version !~ "^5\.6\.") audit(AUDIT_NOT_DETECT, "PHP version 5.6.x", port); if (version =~ "^5\.6\.[0-6]($\|[^0-9])") { if (report_verbosity > 0) { report = '\n Version source : '+source + '\n Installed version : '+version + '\n Fixed version : 5.6.7' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2658-1.NASL
description	Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021) Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643) Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service. (CVE-2015-4024) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code. (CVE-2015-4147) Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148) Taoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603) It was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605) It was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84563
published	2015-07-07
reporter	Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84563
title	Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2658-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(84563); script_version("2.10"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644"); script_bugtraq_id(73357, 74413, 74700, 74902, 74903, 74904, 75056, 75103, 75233, 75241, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292); script_xref(name:"USN", value:"2658-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : php5 vulnerabilities (USN-2658-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021) Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643) Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service. (CVE-2015-4024) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code. (CVE-2015-4147) Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148) Taoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603) It was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605) It was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2658-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php5-fpm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04\|14\.04\|14\.10\|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10 / 15.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libapache2-mod-php5", pkgver:"5.3.10-1ubuntu3.19")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"php5-cgi", pkgver:"5.3.10-1ubuntu3.19")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"php5-cli", pkgver:"5.3.10-1ubuntu3.19")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"php5-fpm", pkgver:"5.3.10-1ubuntu3.19")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libapache2-mod-php5", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"php5-cgi", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"php5-cli", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"php5-fpm", pkgver:"5.5.9+dfsg-1ubuntu4.11")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"libapache2-mod-php5", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"php5-cgi", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"php5-cli", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"php5-fpm", pkgver:"5.5.12+dfsg-2ubuntu4.6")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"libapache2-mod-php5", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"php5-cgi", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"php5-cli", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++; if (ubuntu_check(osver:"15.04", pkgname:"php5-fpm", pkgver:"5.6.4+dfsg-4ubuntu6.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-419.NASL
description	PHP was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-4148: A type confusion flay in SoapClient could lead to information disclosure [bnc#933227]
last seen	2020-06-05
modified	2015-06-15
plugin id	84185
published	2015-06-15
reporter	This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84185
title	openSUSE Security Update : php5 (openSUSE-2015-419)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-419. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(84185); script_version("2.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-4148"); script_name(english:"openSUSE Security Update : php5 (openSUSE-2015-419)"); script_summary(english:"Check for the openSUSE-2015-419 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "PHP was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-4148: A type confusion flay in SoapClient could lead to information disclosure [bnc#933227]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=933227" ); script_set_attribute(attribute:"solution", value:"Update the affected php5 packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-curl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-dom-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-exif-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-imap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-intl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-json-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pear"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-phar-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-posix-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-readline-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-soap-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zip-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1\|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"apache2-mod_php5-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-bcmath-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-bz2-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-calendar-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-ctype-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-curl-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-dba-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-debugsource-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-devel-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-dom-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-enchant-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-exif-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-fastcgi-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-fileinfo-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-firebird-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-fpm-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-ftp-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-gd-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-gettext-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-gmp-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-iconv-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-imap-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-intl-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-json-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-json-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-ldap-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mbstring-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mcrypt-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mssql-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-mysql-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-odbc-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-openssl-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pcntl-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pdo-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pear-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pgsql-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-phar-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-posix-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-pspell-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-readline-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-shmop-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-snmp-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-soap-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sockets-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sqlite-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-suhosin-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvmsg-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvsem-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-sysvshm-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-tidy-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-tokenizer-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-wddx-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlreader-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlrpc-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xmlwriter-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-xsl-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-zip-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"php5-zlib-debuginfo-5.4.20-58.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"apache2-mod_php5-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-bcmath-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-bz2-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-calendar-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-ctype-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-curl-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-dba-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-debugsource-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-devel-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-dom-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-enchant-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-exif-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-fastcgi-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-fileinfo-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-firebird-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-fpm-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-ftp-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-gd-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-gettext-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-gmp-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-iconv-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-imap-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-intl-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-json-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-json-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-ldap-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mbstring-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mcrypt-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mssql-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-mysql-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-odbc-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-opcache-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-openssl-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pcntl-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pdo-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pear-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pgsql-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-phar-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-posix-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-pspell-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-readline-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-shmop-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-snmp-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-soap-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sockets-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sqlite-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-suhosin-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvmsg-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvsem-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-sysvshm-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-tidy-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-tokenizer-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-wddx-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlreader-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlrpc-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xmlwriter-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-xsl-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-zip-debuginfo-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-5.6.1-27.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"php5-zlib-debuginfo-5.6.1-27.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201606-10.NASL
description	The remote host is affected by the vulnerability described in GLSA-201606-10 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	91704
published	2016-06-20
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91704
title	GLSA-201606-10 : PHP: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201606-10. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(91704); script_version("2.3"); script_cvs_date("Date: 2019/04/11 17:23:06"); script_cve_id("CVE-2013-6501", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"); script_xref(name:"GLSA", value:"201606-10"); script_name(english:"GLSA-201606-10 : PHP: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201606-10 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201606-10" ); script_set_attribute( attribute:"solution", value: "All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: # emerge --sync # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33' All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev=lang/php-5.5.33' All PHP 5.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev=lang/php-5.6.19'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:php"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/php", unaffected:make_list("ge 5.6.19", "rge 5.5.33", "rge 5.5.34", "rge 5.5.35", "rge 5.5.36", "rge 5.5.37", "rge 5.5.38"), vulnerable:make_list("lt 5.6.19"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PHP"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1544.NASL
description	According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	124997
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124997
title	EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124997); script_version("1.4"); script_cvs_date("Date: 2020/01/17"); script_cve_id( "CVE-2013-4248", "CVE-2014-2497", "CVE-2014-3515", "CVE-2014-3668", "CVE-2014-3670", "CVE-2014-9427", "CVE-2014-9705", "CVE-2015-0231", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4024", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2018-10546", "CVE-2018-10548" ); script_bugtraq_id( 61776, 66233, 68237, 70665, 70666, 71833, 72539, 73031, 74700, 74903, 75103, 75233, 75241, 75244, 75249, 75250, 75251, 75252 ); script_name(english:"EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-4021) - An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.(CVE-2014-3668) - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4598) - A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.(CVE-2014-9427) - An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.(CVE-2018-10548) - An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. A remote attacker could use this vulnerability to hang the php process and consume resources.(CVE-2018-10546) - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4248) - A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code.(CVE-2015-0231) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4602) - It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-3412) - The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a 'Python script text executable' rule.(CVE-2015-4605) - A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash.(CVE-2014-9705) - A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.(CVE-2014-3670) - A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4148) - A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.(CVE-2014-3515) - The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a 'Python script text executable' rule.(CVE-2015-4604) - A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file.(CVE-2014-2497) - A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.(CVE-2015-4024) - Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.(CVE-2015-4599) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4603) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1544 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb62c9b4"); script_set_attribute(attribute:"solution", value: "Update the affected php packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:php-common"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["php-5.4.16-45.h9", "php-cli-5.4.16-45.h9", "php-common-5.4.16-45.h9"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1218.NASL
description	From Red Hat Security Advisory 2015:1218 : Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	84659
published	2015-07-13
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84659
title	Oracle Linux 6 : php (ELSA-2015-1218)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2015-1135.NASL
description	From Red Hat Security Advisory 2015:1135 : Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	84351
published	2015-06-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84351
title	Oracle Linux 7 : php (ELSA-2015-1135)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150709_PHP_ON_SL6_X.NASL
description	A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-03-18
modified	2015-07-13
plugin id	84661
published	2015-07-13
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84661
title	Scientific Linux Security Update : php on SL6.x i386/x86_64 (20150709)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1135.NASL
description	Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	84355
published	2015-06-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84355
title	RHEL 7 : php (RHSA-2015:1135)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1135.NASL
description	Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	84345
published	2015-06-24
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84345
title	CentOS 7 : php (CESA-2015:1135)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-1638-1.NASL
description	This update for php53 to version 5.3.17 fixes the following issues : These security issues were fixed : - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don
last seen	2020-06-01
modified	2020-06-02
plugin id	93161
published	2016-08-29
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93161
title	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1253-1.NASL
description	This security update of PHP fixes the following issues : Security issues fixed : - CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS Vulnerability. - CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity. - CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that resulted in a heap overflow. - CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL. - CVE-2015-4148 [bnc#933227]: Fixed SoapClient
last seen	2020-03-24
modified	2019-01-02
plugin id	119968
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119968
title	SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_10_5.NASL
description	The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	85408
published	2015-08-17
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/85408
title	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1218.NASL
description	Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	84660
published	2015-07-13
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84660
title	RHEL 6 : php (RHSA-2015:1218)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2015-006.NASL
description	The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - CoreText - FontParser - Libinfo - libxml2 - OpenSSL - perl - PostgreSQL - QL Office - Quartz Composer Framework - QuickTime 7 - SceneKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	85409
published	2015-08-17
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85409
title	Mac OS X Multiple Vulnerabilities (Security Update 2015-006)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-307.NASL
description	- CVE-2015-3307 The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. - CVE-2015-3411 + CVE-2015-3412 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) - CVE-2015-4021 The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. - CVE-2015-4022 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. - CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. - CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. - CVE-2015-4147 The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a
last seen	2020-03-17
modified	2015-09-08
plugin id	85808
published	2015-09-08
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/85808
title	Debian DLA-307-1 : php5 security update

NASL family	CGI abuses
NASL id	PHP_5_5_23.NASL
description	According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.23. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function
last seen	2020-06-01
modified	2020-06-02
plugin id	82026
published	2015-03-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82026
title	PHP 5.5.x < 5.5.23 Multiple Vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1265-1.NASL
description	The PHP script interpreter was updated to fix various security issues : CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. CVE-2015-4148 [bnc#933227]: Fixed a SoapClient
last seen	2020-06-01
modified	2020-06-02
plugin id	84897
published	2015-07-21
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84897
title	SUSE SLES11 Security Update : PHP (SUSE-SU-2015:1265-1)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20150623_PHP_ON_SL7_X.NASL
description	A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-03-18
modified	2015-06-25
plugin id	84394
published	2015-06-25
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84394
title	Scientific Linux Security Update : php on SL7.x x86_64 (20150623)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2015-1218.NASL
description	Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) An uninitialized pointer use flaw was found in PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	84648
published	2015-07-13
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84648
title	CentOS 6 : php (CESA-2015:1218)

NASL family	CGI abuses
NASL id	PHP_5_4_39.NASL
description	According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.39. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists related to function
last seen	2020-06-01
modified	2020-06-02
plugin id	82025
published	2015-03-24
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82025
title	PHP 5.4.x < 5.4.39 Multiple Vulnerabilities

Redhat

advisories

rhsa
id RHSA-2015:1053
rhsa
id RHSA-2015:1066
rhsa
id RHSA-2015:1135
rhsa
id RHSA-2015:1218

rpms

php55-0:2.0-1.el6
php55-0:2.0-1.el7
php55-php-0:5.5.21-2.el6
php55-php-0:5.5.21-2.el7
php55-php-bcmath-0:5.5.21-2.el6
php55-php-bcmath-0:5.5.21-2.el7
php55-php-cli-0:5.5.21-2.el6
php55-php-cli-0:5.5.21-2.el7
php55-php-common-0:5.5.21-2.el6
php55-php-common-0:5.5.21-2.el7
php55-php-dba-0:5.5.21-2.el6
php55-php-dba-0:5.5.21-2.el7
php55-php-debuginfo-0:5.5.21-2.el6
php55-php-debuginfo-0:5.5.21-2.el7
php55-php-devel-0:5.5.21-2.el6
php55-php-devel-0:5.5.21-2.el7
php55-php-enchant-0:5.5.21-2.el6
php55-php-enchant-0:5.5.21-2.el7
php55-php-fpm-0:5.5.21-2.el6
php55-php-fpm-0:5.5.21-2.el7
php55-php-gd-0:5.5.21-2.el6
php55-php-gd-0:5.5.21-2.el7
php55-php-gmp-0:5.5.21-2.el6
php55-php-gmp-0:5.5.21-2.el7
php55-php-imap-0:5.5.21-2.el6
php55-php-intl-0:5.5.21-2.el6
php55-php-intl-0:5.5.21-2.el7
php55-php-ldap-0:5.5.21-2.el6
php55-php-ldap-0:5.5.21-2.el7
php55-php-mbstring-0:5.5.21-2.el6
php55-php-mbstring-0:5.5.21-2.el7
php55-php-mysqlnd-0:5.5.21-2.el6
php55-php-mysqlnd-0:5.5.21-2.el7
php55-php-odbc-0:5.5.21-2.el6
php55-php-odbc-0:5.5.21-2.el7
php55-php-opcache-0:5.5.21-2.el6
php55-php-opcache-0:5.5.21-2.el7
php55-php-pdo-0:5.5.21-2.el6
php55-php-pdo-0:5.5.21-2.el7
php55-php-pgsql-0:5.5.21-2.el6
php55-php-pgsql-0:5.5.21-2.el7
php55-php-process-0:5.5.21-2.el6
php55-php-process-0:5.5.21-2.el7
php55-php-pspell-0:5.5.21-2.el6
php55-php-pspell-0:5.5.21-2.el7
php55-php-recode-0:5.5.21-2.el6
php55-php-recode-0:5.5.21-2.el7
php55-php-snmp-0:5.5.21-2.el6
php55-php-snmp-0:5.5.21-2.el7
php55-php-soap-0:5.5.21-2.el6
php55-php-soap-0:5.5.21-2.el7
php55-php-tidy-0:5.5.21-2.el6
php55-php-xml-0:5.5.21-2.el6
php55-php-xml-0:5.5.21-2.el7
php55-php-xmlrpc-0:5.5.21-2.el6
php55-php-xmlrpc-0:5.5.21-2.el7
php55-runtime-0:2.0-1.el6
php55-runtime-0:2.0-1.el7
php55-scldevel-0:2.0-1.el6
php55-scldevel-0:2.0-1.el7
php54-0:2.0-1.el6
php54-0:2.0-1.el7
php54-php-0:5.4.40-1.el6
php54-php-0:5.4.40-1.el7
php54-php-bcmath-0:5.4.40-1.el6
php54-php-bcmath-0:5.4.40-1.el7
php54-php-cli-0:5.4.40-1.el6
php54-php-cli-0:5.4.40-1.el7
php54-php-common-0:5.4.40-1.el6
php54-php-common-0:5.4.40-1.el7
php54-php-dba-0:5.4.40-1.el6
php54-php-dba-0:5.4.40-1.el7
php54-php-debuginfo-0:5.4.40-1.el6
php54-php-debuginfo-0:5.4.40-1.el7
php54-php-devel-0:5.4.40-1.el6
php54-php-devel-0:5.4.40-1.el7
php54-php-enchant-0:5.4.40-1.el6
php54-php-enchant-0:5.4.40-1.el7
php54-php-fpm-0:5.4.40-1.el6
php54-php-fpm-0:5.4.40-1.el7
php54-php-gd-0:5.4.40-1.el6
php54-php-gd-0:5.4.40-1.el7
php54-php-imap-0:5.4.40-1.el6
php54-php-intl-0:5.4.40-1.el6
php54-php-intl-0:5.4.40-1.el7
php54-php-ldap-0:5.4.40-1.el6
php54-php-ldap-0:5.4.40-1.el7
php54-php-mbstring-0:5.4.40-1.el6
php54-php-mbstring-0:5.4.40-1.el7
php54-php-mysqlnd-0:5.4.40-1.el6
php54-php-mysqlnd-0:5.4.40-1.el7
php54-php-odbc-0:5.4.40-1.el6
php54-php-odbc-0:5.4.40-1.el7
php54-php-pdo-0:5.4.40-1.el6
php54-php-pdo-0:5.4.40-1.el7
php54-php-pecl-zendopcache-0:7.0.4-3.el6
php54-php-pecl-zendopcache-0:7.0.4-3.el7
php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el6
php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el7
php54-php-pgsql-0:5.4.40-1.el6
php54-php-pgsql-0:5.4.40-1.el7
php54-php-process-0:5.4.40-1.el6
php54-php-process-0:5.4.40-1.el7
php54-php-pspell-0:5.4.40-1.el6
php54-php-pspell-0:5.4.40-1.el7
php54-php-recode-0:5.4.40-1.el6
php54-php-recode-0:5.4.40-1.el7
php54-php-snmp-0:5.4.40-1.el6
php54-php-snmp-0:5.4.40-1.el7
php54-php-soap-0:5.4.40-1.el6
php54-php-soap-0:5.4.40-1.el7
php54-php-tidy-0:5.4.40-1.el6
php54-php-xml-0:5.4.40-1.el6
php54-php-xml-0:5.4.40-1.el7
php54-php-xmlrpc-0:5.4.40-1.el6
php54-php-xmlrpc-0:5.4.40-1.el7
php54-runtime-0:2.0-1.el6
php54-runtime-0:2.0-1.el7
php54-scldevel-0:2.0-1.el6
php54-scldevel-0:2.0-1.el7
php-0:5.4.16-36.ael7b_1
php-0:5.4.16-36.el7_1
php-bcmath-0:5.4.16-36.ael7b_1
php-bcmath-0:5.4.16-36.el7_1
php-cli-0:5.4.16-36.ael7b_1
php-cli-0:5.4.16-36.el7_1
php-common-0:5.4.16-36.ael7b_1
php-common-0:5.4.16-36.el7_1
php-dba-0:5.4.16-36.ael7b_1
php-dba-0:5.4.16-36.el7_1
php-debuginfo-0:5.4.16-36.ael7b_1
php-debuginfo-0:5.4.16-36.el7_1
php-devel-0:5.4.16-36.ael7b_1
php-devel-0:5.4.16-36.el7_1
php-embedded-0:5.4.16-36.ael7b_1
php-embedded-0:5.4.16-36.el7_1
php-enchant-0:5.4.16-36.ael7b_1
php-enchant-0:5.4.16-36.el7_1
php-fpm-0:5.4.16-36.ael7b_1
php-fpm-0:5.4.16-36.el7_1
php-gd-0:5.4.16-36.ael7b_1
php-gd-0:5.4.16-36.el7_1
php-intl-0:5.4.16-36.ael7b_1
php-intl-0:5.4.16-36.el7_1
php-ldap-0:5.4.16-36.ael7b_1
php-ldap-0:5.4.16-36.el7_1
php-mbstring-0:5.4.16-36.ael7b_1
php-mbstring-0:5.4.16-36.el7_1
php-mysql-0:5.4.16-36.ael7b_1
php-mysql-0:5.4.16-36.el7_1
php-mysqlnd-0:5.4.16-36.ael7b_1
php-mysqlnd-0:5.4.16-36.el7_1
php-odbc-0:5.4.16-36.ael7b_1
php-odbc-0:5.4.16-36.el7_1
php-pdo-0:5.4.16-36.ael7b_1
php-pdo-0:5.4.16-36.el7_1
php-pgsql-0:5.4.16-36.ael7b_1
php-pgsql-0:5.4.16-36.el7_1
php-process-0:5.4.16-36.ael7b_1
php-process-0:5.4.16-36.el7_1
php-pspell-0:5.4.16-36.ael7b_1
php-pspell-0:5.4.16-36.el7_1
php-recode-0:5.4.16-36.ael7b_1
php-recode-0:5.4.16-36.el7_1
php-snmp-0:5.4.16-36.ael7b_1
php-snmp-0:5.4.16-36.el7_1
php-soap-0:5.4.16-36.ael7b_1
php-soap-0:5.4.16-36.el7_1
php-xml-0:5.4.16-36.ael7b_1
php-xml-0:5.4.16-36.el7_1
php-xmlrpc-0:5.4.16-36.ael7b_1
php-xmlrpc-0:5.4.16-36.el7_1
php-0:5.3.3-46.el6_6
php-bcmath-0:5.3.3-46.el6_6
php-cli-0:5.3.3-46.el6_6
php-common-0:5.3.3-46.el6_6
php-dba-0:5.3.3-46.el6_6
php-debuginfo-0:5.3.3-46.el6_6
php-devel-0:5.3.3-46.el6_6
php-embedded-0:5.3.3-46.el6_6
php-enchant-0:5.3.3-46.el6_6
php-fpm-0:5.3.3-46.el6_6
php-gd-0:5.3.3-46.el6_6
php-imap-0:5.3.3-46.el6_6
php-intl-0:5.3.3-46.el6_6
php-ldap-0:5.3.3-46.el6_6
php-mbstring-0:5.3.3-46.el6_6
php-mysql-0:5.3.3-46.el6_6
php-odbc-0:5.3.3-46.el6_6
php-pdo-0:5.3.3-46.el6_6
php-pgsql-0:5.3.3-46.el6_6
php-process-0:5.3.3-46.el6_6
php-pspell-0:5.3.3-46.el6_6
php-recode-0:5.3.3-46.el6_6
php-snmp-0:5.3.3-46.el6_6
php-soap-0:5.3.3-46.el6_6
php-tidy-0:5.3.3-46.el6_6
php-xml-0:5.3.3-46.el6_6
php-xmlrpc-0:5.3.3-46.el6_6
php-zts-0:5.3.3-46.el6_6

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Nessus

Redhat

References