Vulnerabilities > CVE-2015-8935 - Cross-site Scripting vulnerability in PHP

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
php
CWE-79
nessus

Summary

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

Vulnerable Configurations

Part Description Count
Application
Php
650

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Cross-Site Scripting in Error Pages
    An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3045-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873) It was discovered that PHP incorrectly validated certain Exception objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8876) It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use this issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935) It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093) It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095) It was discovered that the PHP fread() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096) It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114) It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. (CVE-2016-5385) Hans Jerry Illikainen discovered that the PHP bzread() function incorrectly performed error handling. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399) It was discovered that certain PHP multibyte string functions incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768) It was discovered that the PHP Mcrypt extension incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773) It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772) It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-6288) It was discovered that PHP incorrectly handled path lengths when extracting certain Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289) It was discovered that PHP incorrectly handled session deserialization. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290) It was discovered that PHP incorrectly handled exif headers when processing certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295) It was discovered that the PHP xmlrpc_encode_request() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296) It was discovered that the PHP php_stream_zip_opener() function incorrectly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92699
    published2016-08-03
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92699
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2013-1.NASL
    descriptionphp53 was updated to fix five security issues. These security issues were fixed : - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93282
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93282
    titleSUSE SLES11 Security Update : php53 (SUSE-SU-2016:2013-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2649.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says
    last seen2020-05-08
    modified2019-12-18
    plugin id132184
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132184
    titleEulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL63712424.NASL
    descriptionThe sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
    last seen2020-06-01
    modified2020-06-02
    plugin id94118
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94118
    titleF5 Networks BIG-IP : PHP vulnerability (SOL63712424)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2221.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.(CVE-2016-2554) - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6831) - The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.(CVE-2015-8935) - The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.(CVE-2015-8867) - Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.(CVE-2015-6832) - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.(CVE-2015-6833) - Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.(CVE-2014-9767) - The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.(CVE-2016-7414) - ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.(CVE-2016-9934) - The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.(CVE-2016-9935) - In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.(CVE-2017-11143) - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.(CVE-2016-5094) - The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a
    last seen2020-05-08
    modified2019-11-08
    plugin id130683
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130683
    titleEulerOS 2.0 SP5 : php (EulerOS-SA-2019-2221)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2080-1.NASL
    descriptionphp5 was updated to fix the following security issues : - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93293
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93293
    titleSUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2438.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.(CVE-2019-11043) - The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.(CVE-2017-12933) - ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.(CVE-2016-7124) - The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi )abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.(CVE-2015-8382) - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.(CVE-2018-5712) - exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.(CVE-2018-14851) - The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.(CVE-2016-7480) - ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.(CVE-2016-7411) - The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.(CVE-2015-8879) - In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension
    last seen2020-05-08
    modified2019-12-04
    plugin id131592
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131592
    titleEulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-844.NASL
    descriptionShotwell was updated to fix the following issues : - boo#958382: Shotwell did not perform TLS certificate verification when publishing photos to external services
    last seen2020-06-05
    modified2016-03-23
    plugin id90108
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90108
    titleopenSUSE Security Update : shotwell (openSUSE-2016-844)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-921.NASL
    descriptionThis update for php5 fixes the following issues : - It is possible to launch a web server with
    last seen2020-06-05
    modified2016-08-04
    plugin id92714
    published2016-08-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92714
    titleopenSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)

Redhat

advisories
rhsa
idRHSA-2016:2750
rpms
  • php54-0:2.0-1.el6
  • php54-0:2.0-1.el7
  • php54-php-0:5.4.40-1.el6
  • php54-php-0:5.4.40-1.el7
  • php54-php-bcmath-0:5.4.40-1.el6
  • php54-php-bcmath-0:5.4.40-1.el7
  • php54-php-cli-0:5.4.40-1.el6
  • php54-php-cli-0:5.4.40-1.el7
  • php54-php-common-0:5.4.40-1.el6
  • php54-php-common-0:5.4.40-1.el7
  • php54-php-dba-0:5.4.40-1.el6
  • php54-php-dba-0:5.4.40-1.el7
  • php54-php-debuginfo-0:5.4.40-1.el6
  • php54-php-debuginfo-0:5.4.40-1.el7
  • php54-php-devel-0:5.4.40-1.el6
  • php54-php-devel-0:5.4.40-1.el7
  • php54-php-enchant-0:5.4.40-1.el6
  • php54-php-enchant-0:5.4.40-1.el7
  • php54-php-fpm-0:5.4.40-1.el6
  • php54-php-fpm-0:5.4.40-1.el7
  • php54-php-gd-0:5.4.40-1.el6
  • php54-php-gd-0:5.4.40-1.el7
  • php54-php-imap-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el6
  • php54-php-intl-0:5.4.40-1.el7
  • php54-php-ldap-0:5.4.40-1.el6
  • php54-php-ldap-0:5.4.40-1.el7
  • php54-php-mbstring-0:5.4.40-1.el6
  • php54-php-mbstring-0:5.4.40-1.el7
  • php54-php-mysqlnd-0:5.4.40-1.el6
  • php54-php-mysqlnd-0:5.4.40-1.el7
  • php54-php-odbc-0:5.4.40-1.el6
  • php54-php-odbc-0:5.4.40-1.el7
  • php54-php-pdo-0:5.4.40-1.el6
  • php54-php-pdo-0:5.4.40-1.el7
  • php54-php-pecl-zendopcache-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-0:7.0.4-3.el7
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el6
  • php54-php-pecl-zendopcache-debuginfo-0:7.0.4-3.el7
  • php54-php-pgsql-0:5.4.40-1.el6
  • php54-php-pgsql-0:5.4.40-1.el7
  • php54-php-process-0:5.4.40-1.el6
  • php54-php-process-0:5.4.40-1.el7
  • php54-php-pspell-0:5.4.40-1.el6
  • php54-php-pspell-0:5.4.40-1.el7
  • php54-php-recode-0:5.4.40-1.el6
  • php54-php-recode-0:5.4.40-1.el7
  • php54-php-snmp-0:5.4.40-1.el6
  • php54-php-snmp-0:5.4.40-1.el7
  • php54-php-soap-0:5.4.40-1.el6
  • php54-php-soap-0:5.4.40-1.el7
  • php54-php-tidy-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el6
  • php54-php-xml-0:5.4.40-1.el7
  • php54-php-xmlrpc-0:5.4.40-1.el6
  • php54-php-xmlrpc-0:5.4.40-1.el7
  • php54-runtime-0:2.0-1.el6
  • php54-runtime-0:2.0-1.el7
  • php54-scldevel-0:2.0-1.el6
  • php54-scldevel-0:2.0-1.el7
  • rh-php56-0:2.3-1.el6
  • rh-php56-0:2.3-1.el7
  • rh-php56-php-0:5.6.25-1.el6
  • rh-php56-php-0:5.6.25-1.el7
  • rh-php56-php-bcmath-0:5.6.25-1.el6
  • rh-php56-php-bcmath-0:5.6.25-1.el7
  • rh-php56-php-cli-0:5.6.25-1.el6
  • rh-php56-php-cli-0:5.6.25-1.el7
  • rh-php56-php-common-0:5.6.25-1.el6
  • rh-php56-php-common-0:5.6.25-1.el7
  • rh-php56-php-dba-0:5.6.25-1.el6
  • rh-php56-php-dba-0:5.6.25-1.el7
  • rh-php56-php-dbg-0:5.6.25-1.el6
  • rh-php56-php-dbg-0:5.6.25-1.el7
  • rh-php56-php-debuginfo-0:5.6.25-1.el6
  • rh-php56-php-debuginfo-0:5.6.25-1.el7
  • rh-php56-php-devel-0:5.6.25-1.el6
  • rh-php56-php-devel-0:5.6.25-1.el7
  • rh-php56-php-embedded-0:5.6.25-1.el6
  • rh-php56-php-embedded-0:5.6.25-1.el7
  • rh-php56-php-enchant-0:5.6.25-1.el6
  • rh-php56-php-enchant-0:5.6.25-1.el7
  • rh-php56-php-fpm-0:5.6.25-1.el6
  • rh-php56-php-fpm-0:5.6.25-1.el7
  • rh-php56-php-gd-0:5.6.25-1.el6
  • rh-php56-php-gd-0:5.6.25-1.el7
  • rh-php56-php-gmp-0:5.6.25-1.el6
  • rh-php56-php-gmp-0:5.6.25-1.el7
  • rh-php56-php-imap-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el6
  • rh-php56-php-intl-0:5.6.25-1.el7
  • rh-php56-php-ldap-0:5.6.25-1.el6
  • rh-php56-php-ldap-0:5.6.25-1.el7
  • rh-php56-php-mbstring-0:5.6.25-1.el6
  • rh-php56-php-mbstring-0:5.6.25-1.el7
  • rh-php56-php-mysqlnd-0:5.6.25-1.el6
  • rh-php56-php-mysqlnd-0:5.6.25-1.el7
  • rh-php56-php-odbc-0:5.6.25-1.el6
  • rh-php56-php-odbc-0:5.6.25-1.el7
  • rh-php56-php-opcache-0:5.6.25-1.el6
  • rh-php56-php-opcache-0:5.6.25-1.el7
  • rh-php56-php-pdo-0:5.6.25-1.el6
  • rh-php56-php-pdo-0:5.6.25-1.el7
  • rh-php56-php-pear-1:1.9.5-4.el6
  • rh-php56-php-pear-1:1.9.5-4.el7
  • rh-php56-php-pgsql-0:5.6.25-1.el6
  • rh-php56-php-pgsql-0:5.6.25-1.el7
  • rh-php56-php-process-0:5.6.25-1.el6
  • rh-php56-php-process-0:5.6.25-1.el7
  • rh-php56-php-pspell-0:5.6.25-1.el6
  • rh-php56-php-pspell-0:5.6.25-1.el7
  • rh-php56-php-recode-0:5.6.25-1.el6
  • rh-php56-php-recode-0:5.6.25-1.el7
  • rh-php56-php-snmp-0:5.6.25-1.el6
  • rh-php56-php-snmp-0:5.6.25-1.el7
  • rh-php56-php-soap-0:5.6.25-1.el6
  • rh-php56-php-soap-0:5.6.25-1.el7
  • rh-php56-php-tidy-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el6
  • rh-php56-php-xml-0:5.6.25-1.el7
  • rh-php56-php-xmlrpc-0:5.6.25-1.el6
  • rh-php56-php-xmlrpc-0:5.6.25-1.el7
  • rh-php56-runtime-0:2.3-1.el6
  • rh-php56-runtime-0:2.3-1.el7
  • rh-php56-scldevel-0:2.3-1.el6
  • rh-php56-scldevel-0:2.3-1.el7