Vulnerabilities > CVE-2016-5385 - Open Redirect vulnerability in multiple products

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

Vulnerable Configurations

Part Description Count
Application
Oracle
5
Application
Hp
84
Application
Php
226
Application
Drupal
50
OS
Oracle
2
OS
Fedoraproject
2
OS
Hp
1
OS
Redhat
3
OS
Debian
1
OS
Opensuse
1
Hardware
Hp
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fake the Source of Data
    An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Nessus

  • NASL familyCGI abuses
    NASL idPHP_7_0_9.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.9. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id92556
    published2016-07-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92556
    titlePHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92556);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/19");
    
      script_cve_id(
        "CVE-2016-5385",
        "CVE-2016-5399",
        "CVE-2016-6207",
        "CVE-2016-6289",
        "CVE-2016-6290",
        "CVE-2016-6291",
        "CVE-2016-6292",
        "CVE-2016-6293",
        "CVE-2016-6294",
        "CVE-2016-6295",
        "CVE-2016-6296",
        "CVE-2016-6297"
      );
      script_bugtraq_id(
        91821,
        92051,
        92073,
        92074,
        92078,
        92094,
        92095,
        92097,
        92099
      );
      script_xref(name:"CERT", value:"797896");
      script_xref(name:"EDB-ID", value:"40155");
    
      script_name(english:"PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)");
      script_summary(english:"Checks the version of PHP.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The version of PHP running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of PHP running on the remote web
    server is 7.0.x prior to 7.0.9. It is, therefore, affected by multiple
    vulnerabilities :
    
      - A man-in-the-middle vulnerability exists, known as
        'httpoxy', due to a failure to properly resolve
        namespace conflicts in accordance with RFC 3875 section
        4.1.18. The HTTP_PROXY environment variable is set based
        on untrusted user data in the 'Proxy' header of HTTP
        requests. The HTTP_PROXY environment variable is used by
        some web client libraries to specify a remote proxy
        server. An unauthenticated, remote attacker can exploit
        this, via a crafted 'Proxy' header in an HTTP request,
        to redirect an application's internal HTTP traffic to an
        arbitrary proxy server where it may be observed or
        manipulated. (CVE-2016-5385)
    
      - An overflow condition exists in the php_bz2iop_read()
        function within file ext/bz2/bz2.c due to improper
        handling of error conditions. An unauthenticated, remote
        attacker can exploit this, via a crafted request, to
        execute arbitrary code. (CVE-2016-5399)
    
      - A flaw exists in the GD Graphics Library (libgd),
        specifically in the gdImageScaleTwoPass() function
        within file gd_interpolation.c, due to improper
        validation of user-supplied input. An unauthenticated,
        remote attacker can exploit this to cause a denial of
        service condition. (CVE-2016-6207)
    
      - An integer overflow condition exists in the
        virtual_file_ex() function within file
        Zend/zend_virtual_cwd.c due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to cause a denial of service condition
        or the execution of arbitrary code. (CVE-2016-6289)
    
      - A use-after-free error exists within the file
        ext/session/session.c when handling 'var_hash'
        destruction. An unauthenticated, remote attacker can
        exploit this to deference already freed memory,
        resulting in the execution of arbitrary code.
        (CVE-2016-6290)
    
      - An out-of-bounds read error exists in the
        exif_process_IFD_in_MAKERNOTE() function within file
        ext/exif/exif.c. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition or
        disclose memory contents. (CVE-2016-6291)
    
      - A NULL pointer dereference flaw exists in the
        exif_process_user_comment() function within file
        ext/exif/exif.c. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition.
        (CVE-2016-6292)
    
      - Multiple out-of-bounds read errors exist in the
        locale_accept_from_http() function within file
        ext/intl/locale/locale_methods.c. An unauthenticated,
        remote attacker can exploit these to cause a denial of
        service condition or disclose memory contents.
        (CVE-2016-6293, CVE-2016-6294)
    
      - A use-after-free error exists within file
        ext/snmp/snmp.c when handling garbage collection during
        deserialization of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        deference already freed memory, resulting in the
        execution of arbitrary code. (CVE-2016-6295)
    
      - A heap-based buffer overflow condition exists in the
        simplestring_addn() function within file simplestring.c
        due to improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2016-6296)
    
      - An integer overflow condition exists in the
        php_stream_zip_opener() function within file
        ext/zip/zip_stream.c due to improper validation of
        user-supplied input when handling zip streams. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2016-6297)
    
      - An out-of-bounds read error exists in the GD Graphics
        Library (libgd), specifically in the
        gdImageScaleBilinearPalette() function within file
        gd_interpolation.c, when handling transparent color. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition or disclose
        memory contents.
    
      - A heap-based buffer overflow condition exists in the
        mdecrypt_generic() function within file
        ext/mcrypt/mcrypt.c due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to cause a denial of service condition
        or the execution of arbitrary code.
    
      - A flaw exists in the curl_unescape() function within
        file ext/curl/interface.c when handling string lengths.
        An unauthenticated, remote attacker can exploit this to
        cause heap corruption, resulting in a denial of service
        condition.
    
      - A heap-based buffer overflow condition exists in the
        mcrypt_generic() function within file
        ext/mcrypt/mcrypt.c due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to cause a denial of service condition
        or the execution of arbitrary code.
    
      - A NULL write flaw exists in the GD Graphics Library
        (libgd) in the gdImageColorTransparent() function due to
        improper handling of negative transparent colors. A
        remote attacker can exploit this to disclose memory
        contents.");
      script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-7.php#7.0.9");
      script_set_attribute(attribute:"see_also", value:"https://httpoxy.org");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PHP version 7.0.9 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6296");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/26");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("php_version.nasl");
      script_require_keys("www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    port = get_http_port(default:80, php:TRUE);
    
    php = get_php_from_kb(
      port : port,
      exit_on_fail : TRUE
    );
    
    version = php["ver"];
    source = php["src"];
    
    backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
    
    if (report_paranoia < 2 && backported)
      audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
    
    # Check that it is the correct version of PHP
    if (version =~ "^7(\.0)?$")
      audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
    if (version !~ "^7\.0\.") audit(AUDIT_NOT_DETECT, "PHP version 7.0.x", port);
    
    if (version =~ "^7\.0\." && ver_compare(ver:version, fix:"7.0.9", strict:FALSE) < 0){
      security_report_v4(
      port  : port,
      extra :
        '\n  Version source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 7.0.9' +
        '\n',
      severity:SECURITY_HOLE
      );
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-4E7DB3D437.NASL
    description## 6.2.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 - Only read up to `Content-Length` in PHP StreamHandler to avoid timeouts when a server does not honor `Connection: close`. - Ignore URI fragment when sending requests. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-29
    plugin id92616
    published2016-07-29
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92616
    titleFedora 24 : php-guzzlehttp-guzzle6 (2016-4e7db3d437) (httpoxy)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-4e7db3d437.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92616);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5385");
      script_xref(name:"FEDORA", value:"2016-4e7db3d437");
    
      script_name(english:"Fedora 24 : php-guzzlehttp-guzzle6 (2016-4e7db3d437) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "## 6.2.1 - 2016-07-18
    
      - Address HTTP_PROXY security vulnerability,
        CVE-2016-5385: https://httpoxy.org/
    
      - Fixing timeout bug with StreamHandler:
        https://github.com/guzzle/guzzle/pull/1488
    
      - Only read up to `Content-Length` in PHP StreamHandler to
        avoid timeouts when a server does not honor `Connection:
        close`.
    
      - Ignore URI fragment when sending requests.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-4e7db3d437"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected php-guzzlehttp-guzzle6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-guzzlehttp-guzzle6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/29");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"php-guzzlehttp-guzzle6-6.2.1-1.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-guzzlehttp-guzzle6");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-728.NASL
    descriptionA stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. (CVE-2015-8874) An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id92663
    published2016-08-02
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92663
    titleAmazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-728.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92663);
      script_version("2.9");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2015-8874", "CVE-2016-5385", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773");
      script_xref(name:"ALAS", value:"2016-728");
    
      script_name(english:"Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A stack consumption vulnerability in GD in PHP allows remote attackers
    to cause a denial of service via a crafted imagefilltoborder call.
    (CVE-2015-8874)
    
    An integer overflow, leading to a heap-based buffer overflow was found
    in the imagecreatefromgd2() function of PHP's gd extension. A remote
    attacker could use this flaw to crash a PHP application or execute
    arbitrary code with the privileges of the user running that PHP
    application, using gd via a specially crafted GD2 image.
    (CVE-2016-5766)
    
    An integer overflow, leading to a heap-based buffer overflow was found
    in the gdImagePaletteToTrueColor() function of PHP's gd extension. A
    remote attacker could use this flaw to crash a PHP application or
    execute arbitrary code with the privileges of the user running that
    PHP application, using gd via a specially crafted image buffer.
    (CVE-2016-5767)
    
    A double free flaw was found in the mb_ereg_replace_callback()
    function of php which is used to perform regex search. This flaw could
    possibly cause a PHP application to crash. (CVE-2016-5768)
    
    The mcrypt_generic() and mdecrypt_generic() functions are prone to
    integer overflows, resulting in a heap-based overflow. A remote
    attacker could use this flaw to crash a PHP application or execute
    arbitrary code with the privileges of the user running that PHP
    application. (CVE-2016-5769)
    
    A type confusion issue was found in the SPLFileObject fread()
    function. A remote attacker able to submit a specially crafted input
    to a PHP application, which uses this function, could use this flaw to
    execute arbitrary code with the privileges of the user running that
    PHP application. (CVE-2016-5770)
    
    A use-after-free vulnerability that can occur when calling
    unserialize() on untrusted input was discovered. A remote attacker
    could use this flaw to crash a PHP application or execute arbitrary
    code with the privileges of the user running that PHP application if
    the application unserializes untrusted input. (CVE-2016-5771 ,
    CVE-2016-5773)
    
    A double free can occur in wddx_deserialize() when trying to
    deserialize malicious XML input from user's request. This flaw could
    possibly cause a PHP application to crash. (CVE-2016-5772)
    
    It was discovered that PHP did not properly protect against the
    HTTP_PROXY variable name clash. A remote attacker could possibly use
    this flaw to redirect HTTP requests performed by a PHP script to an
    attacker-controlled proxy via a malicious HTTP request.
    (CVE-2016-5385)
    
    (Updated on 2016-08-17: CVE-2016-5385 was fixed in this release but
    was not previously part of this errata)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-728.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update php55' to update your system.
    
    Run 'yum update php56' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php55-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-bcmath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-enchant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-fpm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-gmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-imap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-intl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mbstring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mssql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-mysqlnd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-opcache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pdo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-process");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-pspell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-recode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-soap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-tidy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:php56-xmlrpc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/01");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"php55-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-bcmath-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-cli-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-common-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-dba-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-debuginfo-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-devel-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-embedded-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-enchant-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-fpm-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-gd-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-gmp-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-imap-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-intl-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-ldap-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mbstring-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mcrypt-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mssql-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-mysqlnd-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-odbc-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-opcache-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pdo-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pgsql-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-process-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-pspell-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-recode-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-snmp-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-soap-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-tidy-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-xml-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php55-xmlrpc-5.5.38-1.116.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-bcmath-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-cli-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-common-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dba-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-dbg-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-debuginfo-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-devel-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-embedded-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-enchant-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-fpm-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gd-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-gmp-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-imap-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-intl-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-ldap-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mbstring-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mcrypt-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mssql-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-mysqlnd-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-odbc-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-opcache-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pdo-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pgsql-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-process-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-pspell-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-recode-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-snmp-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-soap-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-tidy-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xml-5.6.24-1.126.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"php56-xmlrpc-5.6.24-1.126.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc");
    }
    
  • NASL familyWeb Servers
    NASL idHPSMH_7_6.NASL
    descriptionAccording to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.6. It is, therefore, affected by the following vulnerabilities : - A heap buffer overflow condition exists in OpenSSL in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105) - A heap buffer overflow condition exists in OpenSSL in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106) - Multiple flaws exist OpenSSL in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic. (CVE-2016-2107) - Multiple unspecified flaws exist in OpenSSL in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory. An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109) - A certificate validation bypass vulnerability exists in cURL and libcurl due to improper validation of TLS certificates. A man-in-the-middle attacker can exploit this, via a spoofed certificate that appears valid, to disclose or manipulate transmitted data. (CVE-2016-3739) - An integer overflow condition exists in PHP in the php_raw_url_encode() function within file ext/standard/url.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-4070) - A flaw exists in PHP in the php_snmp_error() function within file ext/snmp/snmp.c that is triggered when handling format string specifiers. An unauthenticated, remote attacker can exploit this, via a crafted SNMP object, to cause a denial of service or to execute arbitrary code. (CVE-2016-4071) - An invalid memory write error exists in PHP when handling the path of phar file names that allows an attacker to have an unspecified impact. (CVE-2016-4072) - A remote code execution vulnerability exists in PHP in phar_object.c due to improper handling of zero-length uncompressed data. An unauthenticated, remote attacker can exploit this, via a specially crafted TAR, ZIP, or PHAR file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4342) - A remote code execution vulnerability exists in PHP in the phar_make_dirstream() function within file ext/phar/dirstream.c due to improper handling of ././@LongLink files. An unauthenticated, remote attacker can exploit this, via a specially crafted TAR file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4343) - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id94654
    published2016-11-09
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94654
    titleHP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94654);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id(
        "CVE-2016-2105",
        "CVE-2016-2106",
        "CVE-2016-2107",
        "CVE-2016-2109",
        "CVE-2016-3739",
        "CVE-2016-4070",
        "CVE-2016-4071",
        "CVE-2016-4072",
        "CVE-2016-4342",
        "CVE-2016-4343",
        "CVE-2016-4393",
        "CVE-2016-4394",
        "CVE-2016-4395",
        "CVE-2016-4396",
        "CVE-2016-4537",
        "CVE-2016-4538",
        "CVE-2016-4539",
        "CVE-2016-4540",
        "CVE-2016-4541",
        "CVE-2016-4542",
        "CVE-2016-4543",
        "CVE-2016-5385",
        "CVE-2016-5387",
        "CVE-2016-5388"
      );
      script_bugtraq_id(
        85800,
        85801,
        85993,
        87940,
        89154,
        89179,
        89744,
        89757,
        89760,
        89844,
        90172,
        90173,
        90174,
        90726,
        91816,
        91818,
        91821,
        93961
      );
      script_xref(name:"CERT", value:"797896");
      script_xref(name:"EDB-ID", value:"39645");
      script_xref(name:"EDB-ID", value:"39653");
      script_xref(name:"EDB-ID", value:"39768");
      script_xref(name:"HP", value:"HPSBMU03653");
      script_xref(name:"HP", value:"emr_na-c05320149");
      script_xref(name:"HP", value:"PSRT110145");
      script_xref(name:"HP", value:"PSRT110263");
      script_xref(name:"HP", value:"PSRT110115");
      script_xref(name:"HP", value:"PSRT110116");
      script_xref(name:"TRA", value:"TRA-2016-32");
      script_xref(name:"ZDI", value:"ZDI-16-587");
    
      script_name(english:"HP System Management Homepage < 7.6 Multiple Vulnerabilities (HPSBMU03653) (httpoxy)");
      script_summary(english:"Performs a banner check.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of HP System Management Homepage
    (SMH) hosted on the remote web server is prior to 7.6. It is,
    therefore, affected by the following vulnerabilities :
    
      - A heap buffer overflow condition exists in OpenSSL in
        the EVP_EncodeUpdate() function within file
        crypto/evp/encode.c that is triggered when handling
        a large amount of input data. An unauthenticated, remote
        attacker can exploit this to cause a denial of service
        condition. (CVE-2016-2105)
    
      - A heap buffer overflow condition exists in OpenSSL in
        the EVP_EncryptUpdate() function within file
        crypto/evp/evp_enc.c that is triggered when handling a
        large amount of input data after a previous call occurs
        to the same function with a partial block. An
        unauthenticated, remote attacker can exploit this to
        cause a denial of service condition. (CVE-2016-2106)
    
      - Multiple flaws exist OpenSSL in the
        aesni_cbc_hmac_sha1_cipher() function in file
        crypto/evp/e_aes_cbc_hmac_sha1.c and the
        aesni_cbc_hmac_sha256_cipher() function in file
        crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered
        when the connection uses an AES-CBC cipher and AES-NI
        is supported by the server. A man-in-the-middle attacker
        can exploit these to conduct a padding oracle attack,
        resulting in the ability to decrypt the network traffic.
        (CVE-2016-2107)
    
      - Multiple unspecified flaws exist in OpenSSL in the d2i
        BIO functions when reading ASN.1 data from a BIO due to
        invalid encoding causing a large allocation of memory.
        An unauthenticated, remote attacker can exploit these to
        cause a denial of service condition through resource
        exhaustion. (CVE-2016-2109)
    
      - A certificate validation bypass vulnerability exists in
        cURL and libcurl due to improper validation of TLS
        certificates. A man-in-the-middle attacker can exploit
        this, via a spoofed certificate that appears valid, to
        disclose or manipulate transmitted data. (CVE-2016-3739)
    
      - An integer overflow condition exists in PHP in the
        php_raw_url_encode() function within file
        ext/standard/url.c due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this to have an unspecified impact.
        (CVE-2016-4070)
        
      - A flaw exists in PHP in the php_snmp_error() function
        within file ext/snmp/snmp.c that is triggered when
        handling format string specifiers. An unauthenticated,
        remote attacker can exploit this, via a crafted SNMP
        object, to cause a denial of service or to execute
        arbitrary code. (CVE-2016-4071)
    
      - An invalid memory write error exists in PHP when
        handling the path of phar file names that allows an
        attacker to have an unspecified impact. (CVE-2016-4072)
    
      - A remote code execution vulnerability exists in PHP in
        phar_object.c due to improper handling of zero-length
        uncompressed data. An unauthenticated, remote attacker
        can exploit this, via a specially crafted TAR, ZIP, or
        PHAR file, to cause a denial of service condition or the
        execution of arbitrary code. (CVE-2016-4342)
    
      - A remote code execution vulnerability exists in PHP in
        the phar_make_dirstream() function within file
        ext/phar/dirstream.c due to improper handling of
        ././@LongLink files. An unauthenticated, remote attacker
        can exploit this, via a specially crafted TAR file, to
        cause a denial of service condition or the execution of
        arbitrary code. (CVE-2016-4343)
    
      - A cross-site scripting (XSS) vulnerability exists due to
        improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this, via a
        specially crafted request, to execute arbitrary script
        code in a user's browser session. (CVE-2016-4393)
    
      - An unspecified HTTP Strict Transport Security (HSTS)
        bypass vulnerability exists that allows authenticated,
        remote attackers to disclose sensitive information.
        (CVE-2016-4394)
    
      - A remote code execution vulnerability exists due to an
        overflow condition in the mod_smh_config.so library
        caused by improper validation of user-supplied input
        when parsing the admin-group parameter supplied to the
        /proxy/SetSMHData endpoint. An unauthenticated, remote
        attacker can exploit this, via a specially crafted
        request, to cause a denial of service condition or the
        execution of arbitrary code. (CVE-2016-4395)
    
      - A remote code execution vulnerability exists due to an
        overflow condition in the mod_smh_config.so library
        caused by improper validation of user-supplied input
        when parsing the TKN parameter supplied to the
        /Proxy/SSO endpoint. An unauthenticated, remote
        attacker can exploit this, via a specially crafted
        request, to cause a denial of service condition or the
        execution of arbitrary code. (CVE-2016-4396)
    
      - An out-of-bounds read error exists in PHP in the
        php_str2num() function in bcmath.c when handling
        negative scales. An unauthenticated, remote attacker can
        exploit this, via a crafted call, to cause a denial of
        service condition or the disclosure of memory contents.
        (CVE-2016-4537)
    
      - A flaw exists in PHP the bcpowmod() function in bcmath.c
        due to modifying certain data structures without
        considering whether they are copies of the _zero_,
        _one_, or _two_ global variables. An unauthenticated,
        remote attacker can exploit this, via a crafted call, to
        cause a denial of service condition. (CVE-2016-4538)
    
      - A flaw exists in PHP in the xml_parse_into_struct()
        function in xml.c when handling specially crafted XML
        contents. An unauthenticated, remote attacker can
        exploit this to cause a denial of service condition.
        (CVE-2016-4539)
    
      - Multiple out-of-bounds read errors exist in PHP within
        file ext/intl/grapheme/grapheme_string.c when handling
        negative offsets in the zif_grapheme_stripos() and
        zif_grapheme_strpos() functions. An unauthenticated,
        remote attacker can exploit these issues to cause a
        denial of service condition or disclose memory contents.
        (CVE-2016-4540, CVE-2016-4541)
    
      - A flaw exists in PHP in the exif_process_IFD_TAG()
        function in exif.c due to improper construction of
        spprintf arguments. An unauthenticated, remote attacker
        can exploit this, via crafted header data, to cause an
        out-of-bounds read error, resulting in a denial of
        service condition or the disclosure of memory contents.
        (CVE-2016-4542)
    
      - A flaw exists in PHP in the exif_process_IFD_in_JPEG()
        function in exif.c due to improper validation of IFD
        sizes. An unauthenticated, remote attacker can exploit
        this, via crafted header data, to cause an out-of-bounds
        read error, resulting in a denial of service condition
        or the disclosure of memory contents. (CVE-2016-4543)
    
      - A man-in-the-middle vulnerability exists, known as
        'httpoxy', in the Apache Tomcat, Apache HTTP Server, and
        PHP components due to a failure to properly resolve
        namespace conflicts in accordance with RFC 3875 section
        4.1.18. The HTTP_PROXY environment variable is set based
        on untrusted user data in the 'Proxy' header of HTTP
        requests. The HTTP_PROXY environment variable is used by
        some web client libraries to specify a remote proxy
        server. A remote attacker can exploit this, via a
        crafted 'Proxy' header in an HTTP request, to redirect
        an application's internal HTTP traffic to an arbitrary
        proxy server where it may be observed or manipulated.
        (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b7e1b347");
      script_set_attribute(attribute:"see_also", value:"https://httpoxy.org");
      script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2016-32");
      script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-16-587/");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to HP System Management Homepage (SMH) version 7.6 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4342");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/09");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("compaq_wbem_detect.nasl", "os_fingerprint.nasl");
      script_require_keys("www/hp_smh");
      script_require_ports("Services/www", 2301, 2381);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("install_func.inc");
    
    # Only Linux and Windows are affected -- HP-UX is not mentioned
    os = get_kb_item_or_exit("Host/OS");
    if ("Windows" >!< os && "Linux" >!< os) audit(AUDIT_OS_NOT, "Windows or Linux", os);
    
    port = get_http_port(default:2381, embedded:TRUE);
    app = "hp_smh";
    get_install_count(app_name:app, exit_if_zero:TRUE);
    
    install = get_single_install(
      app_name : app,
      port     : port,
      exit_if_unknown_ver : TRUE
    );
    
    dir = install['dir'];
    version = install['version'];
    prod = get_kb_item_or_exit("www/"+port+"/hp_smh/variant");
    source_line = get_kb_item("www/"+port+"/hp_smh/source");
    
    if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, prod, build_url(port:port, qs:dir+"/") );
    
    # nb: 'version' can have non-numeric characters in it so we'll create
    #     an alternate form and make sure that's safe for use in 'ver_compare()'.
    version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version);
    if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt))
      audit(AUDIT_VER_FORMAT, version);
    
    if (ver_compare(ver:version_alt, fix:"7.6", strict:FALSE) == -1)
    {
      report = '\n  Product           : ' + prod;
      if (!isnull(source_line))
        report += '\n  Version source    : ' + source_line;
      report +=
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 7.6' +
        '\n';
    
      security_report_v4(severity:SECURITY_HOLE, port:port, extra:report, xss:TRUE);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-203-02.NASL
    descriptionNew php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92499
    published2016-07-22
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92499
    titleSlackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-203-02) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2016-203-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92499);
      script_version("$Revision: 2.3 $");
      script_cvs_date("$Date: 2016/10/24 13:46:12 $");
    
      script_cve_id("CVE-2016-5385", "CVE-2016-6207");
      script_xref(name:"SSA", value:"2016-203-02");
    
      script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-203-02) (httpoxy)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New php packages are available for Slackware 14.0, 14.1, 14.2, and
    -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.425458
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d89b3856"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected php package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:php");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/21");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"php", pkgver:"5.6.24", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"php", pkgver:"5.6.24", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"php", pkgver:"5.6.24", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"php", pkgver:"5.6.24", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"php", pkgver:"5.6.24", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"php", pkgver:"5.6.24", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"php", pkgver:"5.6.24", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"php", pkgver:"5.6.24", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3045-1.NASL
    descriptionIt was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP incorrectly handled recursive method calls. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873) It was discovered that PHP incorrectly validated certain Exception objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8876) It was discovered that PHP header() function performed insufficient filtering for Internet Explorer. A remote attacker could possibly use this issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935) It was discovered that PHP incorrectly handled certain locale operations. An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093) It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095) It was discovered that the PHP fread() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096) It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114) It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. (CVE-2016-5385) Hans Jerry Illikainen discovered that the PHP bzread() function incorrectly performed error handling. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399) It was discovered that certain PHP multibyte string functions incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768) It was discovered that the PHP Mcrypt extension incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773) It was discovered that PHP incorrectly handled memory when unserializing malicious xml data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5772) It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-6288) It was discovered that PHP incorrectly handled path lengths when extracting certain Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289) It was discovered that PHP incorrectly handled session deserialization. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290) It was discovered that PHP incorrectly handled exif headers when processing certain JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291, CVE-2016-6292) It was discovered that PHP incorrectly handled certain locale operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6294) It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295) It was discovered that the PHP xmlrpc_encode_request() function incorrectly handled certain lengths. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296) It was discovered that the PHP php_stream_zip_opener() function incorrectly handled memory. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6297). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92699
    published2016-08-03
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92699
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)
  • NASL familyCGI abuses
    NASL idPHP_5_5_38.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.38. It is, therefore, affected by multiple vulnerabilities : - A Segfault condition occurs when accessing nvarchar(max) defined columns. (CVE-2015-8879) - A man-in-the-middle vulnerability exists, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id92554
    published2016-07-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92554
    titlePHP 5.5.x < 5.5.38 Multiple Vulnerabilities (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-8EB11666AA.NASL
    description21 Jul 2016, **PHP 5.6.24** **Core:** - Fixed bug php#71936 (Segmentation fault destroying HTTP_RAW_POST_DATA). (mike dot laspina at gmail dot com, Remi) - Fixed bug php#72496 (Cannot declare public method with signature incompatible with parent private method). (Pedro Magalh&atilde;es) - Fixed bug php#72138 (Integer Overflow in Length of String-typed ZVAL). (Stas) - Fixed bug php#72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (loianhtuan at gmail dot com) - Fixed bug php#72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (taoguangchen at icloud dot com) - Fixed bug php#72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385) (Stas) **bz2:** - Fixed bug php#72447 (Type Confusion in php_bz2_filter_create()). (gogil at stealien dot com). - Fixed bug php#72613 (Inadequate error handling in bzread()). (Stas) **EXIF:** - Fixed bug php#50845 (exif_read_data() returns corrupted exif headers). (Bartosz Dziewo&#x144;ski) - Fixed bug php#72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas) - Fixed bug #72618 (NULL pointer Dereference in exif_process_user_comment). (Stas) **Intl:** - Fixed bug php#72533 (locale_accept_from_http out-of-bounds access). (Stas) **ODBC:** - Fixed bug php#69975 (PHP segfaults when accessing nvarchar(max) defined columns) **OpenSSL:** - Fixed bug php#71915 (openssl_random_pseudo_bytes is not fork-safe). (Jakub Zelenka) - Fixed bug php#72336 (openssl_pkey_new does not fail for invalid DSA params). (Jakub Zelenka) **SNMP:** - Fixed bug php#72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (taoguangchen at icloud dot com) **SPL:** - Fixed bug php#55701 (GlobIterator throws LogicException). (Valentin V&#x102;LCIU) **SQLite3:** - Fixed bug php#70628 (Clearing bindings on a SQLite3 statement doesn
    last seen2020-06-05
    modified2016-08-01
    plugin id92648
    published2016-08-01
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92648
    titleFedora 24 : php (2016-8eb11666aa) (httpoxy)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1613.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. Bug Fix(es) : * Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758)
    last seen2020-06-01
    modified2020-06-02
    plugin id92941
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92941
    titleRHEL 7 : php (RHSA-2016:1613) (httpoxy)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-1609.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id92872
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92872
    titleCentOS 6 : php (CESA-2016:1609) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2941-1.NASL
    descriptionThis update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-24
    modified2019-01-02
    plugin id119987
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119987
    titleSUSE SLES12 Security Update : php7 (SUSE-SU-2016:2941-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1440.NASL
    descriptionThis update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2016-12-13
    plugin id95746
    published2016-12-13
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95746
    titleopenSUSE Security Update : php7 (openSUSE-2016-1440) (httpoxy)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-749.NASL
    descriptionCVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application
    last seen2020-03-17
    modified2016-12-20
    plugin id96010
    published2016-12-20
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96010
    titleDebian DLA-749-1 : php5 security update (httpoxy)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3631.NASL
    descriptionSeveral vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more information :
    last seen2020-06-01
    modified2020-06-02
    plugin id92573
    published2016-07-27
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92573
    titleDebian DSA-3631-1 : php5 - security update (httpoxy)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-1613.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. Bug Fix(es) : * Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758)
    last seen2020-06-01
    modified2020-06-02
    plugin id92952
    published2016-08-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92952
    titleCentOS 7 : php (CESA-2016:1613) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-CD2BD0800F.NASL
    description21 Jul 2016, **PHP 5.6.24** **Core:** - Fixed bug php#71936 (Segmentation fault destroying HTTP_RAW_POST_DATA). (mike dot laspina at gmail dot com, Remi) - Fixed bug php#72496 (Cannot declare public method with signature incompatible with parent private method). (Pedro Magalh&atilde;es) - Fixed bug php#72138 (Integer Overflow in Length of String-typed ZVAL). (Stas) - Fixed bug php#72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (loianhtuan at gmail dot com) - Fixed bug php#72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (taoguangchen at icloud dot com) - Fixed bug php#72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385) (Stas) **bz2:** - Fixed bug php#72447 (Type Confusion in php_bz2_filter_create()). (gogil at stealien dot com). - Fixed bug php#72613 (Inadequate error handling in bzread()). (Stas) **EXIF:** - Fixed bug php#50845 (exif_read_data() returns corrupted exif headers). (Bartosz Dziewo&#x144;ski) - Fixed bug php#72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas) - Fixed bug #72618 (NULL pointer Dereference in exif_process_user_comment). (Stas) **Intl:** - Fixed bug php#72533 (locale_accept_from_http out-of-bounds access). (Stas) **ODBC:** - Fixed bug php#69975 (PHP segfaults when accessing nvarchar(max) defined columns) **OpenSSL:** - Fixed bug php#71915 (openssl_random_pseudo_bytes is not fork-safe). (Jakub Zelenka) - Fixed bug php#72336 (openssl_pkey_new does not fail for invalid DSA params). (Jakub Zelenka) **SNMP:** - Fixed bug php#72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (taoguangchen at icloud dot com) **SPL:** - Fixed bug php#55701 (GlobIterator throws LogicException). (Valentin V&#x102;LCIU) **SQLite3:** - Fixed bug php#70628 (Clearing bindings on a SQLite3 statement doesn
    last seen2020-06-05
    modified2016-08-01
    plugin id92650
    published2016-08-01
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92650
    titleFedora 23 : php (2016-cd2bd0800f) (httpoxy)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201611-22.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201611-22 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker can possibly execute arbitrary code or create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id95421
    published2016-12-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95421
    titleGLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)
  • NASL familyCGI abuses
    NASL idDRUPAL_8_1_7.NASL
    descriptionThe version of Drupal running on the remote web server is 8.x prior to 8.1.7. It is, therefore, affected by a man-in-the-middle vulnerability known as
    last seen2020-06-01
    modified2020-06-02
    plugin id92495
    published2016-07-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92495
    titleDrupal 8.x < 8.1.7 PHP HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160811_PHP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker- controlled proxy via a malicious HTTP request. (CVE-2016-5385) Bug Fix(es) : - Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected.
    last seen2020-03-18
    modified2016-08-17
    plugin id92997
    published2016-08-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92997
    titleScientific Linux Security Update : php on SL7.x x86_64 (20160811) (httpoxy)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-1613.NASL
    descriptionFrom Red Hat Security Advisory 2016:1613 : An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue. Bug Fix(es) : * Previously, an incorrect logic in the SAPI header callback routine caused that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758)
    last seen2020-06-01
    modified2020-06-02
    plugin id92937
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92937
    titleOracle Linux 7 : php (ELSA-2016-1613) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-AEF8A45AFE.NASL
    description## 5.3.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e3 12fe113ec3acbcda31b2622e - Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40dd c6712faee4d3957a91f2b041 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-29
    plugin id92619
    published2016-07-29
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92619
    titleFedora 24 : php-guzzlehttp-guzzle (2016-aef8a45afe) (httpoxy)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160811_PHP_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker- controlled proxy via a malicious HTTP request. (CVE-2016-5385)
    last seen2020-03-18
    modified2016-08-15
    plugin id92965
    published2016-08-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92965
    titleScientific Linux Security Update : php on SL6.x i386/x86_64 (20160811) (httpoxy)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-1609.NASL
    descriptionFrom Red Hat Security Advisory 2016:1609 : An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id92936
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92936
    titleOracle Linux 6 : php (ELSA-2016-1609) (httpoxy)
  • NASL familyWeb Servers
    NASL idHTTP_HTTPOXY.NASL
    descriptionThe web application running on the remote web server is affected by a man-in-the-middle vulnerability known as
    last seen2020-06-01
    modified2020-06-02
    plugin id92539
    published2016-07-25
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92539
    titleHTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B6402385533B11E6A7BD14DAE9D210B8.NASL
    descriptionPHP reports : - Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns) - Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). - Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access). - Fixed bug #72519 (imagegif/output out-of-bounds access). - Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). - Fixed bug #72533 (locale_accept_from_http out-of-bounds access). - Fixed bug #72541 (size_t overflow lead to heap corruption). - Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic). - Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()). - Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). - Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). - Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). - Fixed bug #72613 (Inadequate error handling in bzread()). - Fixed bug #72618 (NULL pointer Dereference in exif_process_user_comment).
    last seen2020-06-01
    modified2020-06-02
    plugin id92574
    published2016-07-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92574
    titleFreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an
    last seen2020-06-01
    modified2020-06-02
    plugin id101837
    published2017-07-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101837
    titleOracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)
  • NASL familyCGI abuses
    NASL idPHP_5_6_24.NASL
    descriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.24. It is, therefore, affected by multiple vulnerabilities : - A man-in-the-middle vulnerability exists, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id92555
    published2016-07-26
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92555
    titlePHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-921.NASL
    descriptionThis update for php5 fixes the following issues : - It is possible to launch a web server with
    last seen2020-06-05
    modified2016-08-04
    plugin id92714
    published2016-08-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92714
    titleopenSUSE Security Update : php5 (openSUSE-2016-921) (httpoxy)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1609.NASL
    descriptionAn update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es) : * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385) Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id92940
    published2016-08-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92940
    titleRHEL 6 : php (RHSA-2016:1609) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-9C8CF5912C.NASL
    description## 6.2.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 - Only read up to `Content-Length` in PHP StreamHandler to avoid timeouts when a server does not honor `Connection: close`. - Ignore URI fragment when sending requests. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-29
    plugin id92618
    published2016-07-29
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92618
    titleFedora 23 : php-guzzlehttp-guzzle6 (2016-9c8cf5912c) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-E2C8F5F95A.NASL
    description## 5.3.1 - 2016-07-18 - Address HTTP_PROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Event name fix: https://github.com/guzzle/guzzle/commit/fcae91ff31de41e3 12fe113ec3acbcda31b2622e - Response header case sensitivity fix: https://github.com/guzzle/guzzle/commit/043eeadf20ee40dd c6712faee4d3957a91f2b041 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-29
    plugin id92621
    published2016-07-29
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92621
    titleFedora 23 : php-guzzlehttp-guzzle (2016-e2c8f5f95a) (httpoxy)

Redhat

advisories
  • bugzilla
    id1353794
    titleCVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentphp-soap is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609001
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-process is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609003
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-zts is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609005
          • commentphp-zts is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195032
        • AND
          • commentphp-snmp is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609007
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-devel is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609009
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-dba is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609011
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-pdo is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609013
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-bcmath is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609015
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp-odbc is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609017
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-intl is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609019
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp-enchant is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609021
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-pgsql is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609023
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-xml is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609025
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-imap is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609027
          • commentphp-imap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195040
        • AND
          • commentphp-mbstring is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609029
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-gd is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609031
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-mysql is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609033
          • commentphp-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195006
        • AND
          • commentphp-xmlrpc is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609035
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-ldap is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609037
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-tidy is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609039
          • commentphp-tidy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195036
        • AND
          • commentphp-embedded is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609041
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609043
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
        • AND
          • commentphp-fpm is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609045
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-recode is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609047
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-pspell is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609049
          • commentphp-pspell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195026
        • AND
          • commentphp-cli is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609051
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp-common is earlier than 0:5.3.3-48.el6_8
            ovaloval:com.redhat.rhsa:tst:20161609053
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
    rhsa
    idRHSA-2016:1609
    released2016-08-11
    severityModerate
    titleRHSA-2016:1609: php security update (Moderate)
  • bugzilla
    id1353794
    titleCVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentphp-mysql is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613001
          • commentphp-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195006
        • AND
          • commentphp-dba is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613003
          • commentphp-dba is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195034
        • AND
          • commentphp-pdo is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613005
          • commentphp-pdo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195024
        • AND
          • commentphp-mbstring is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613007
          • commentphp-mbstring is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195044
        • AND
          • commentphp-enchant is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613009
          • commentphp-enchant is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195030
        • AND
          • commentphp-devel is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613011
          • commentphp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195052
        • AND
          • commentphp-soap is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613013
          • commentphp-soap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195010
        • AND
          • commentphp-xml is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613015
          • commentphp-xml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195020
        • AND
          • commentphp-snmp is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613017
          • commentphp-snmp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195038
        • AND
          • commentphp-odbc is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613019
          • commentphp-odbc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195004
        • AND
          • commentphp-pgsql is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613021
          • commentphp-pgsql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195022
        • AND
          • commentphp-common is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613023
          • commentphp-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195014
        • AND
          • commentphp-cli is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613025
          • commentphp-cli is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195002
        • AND
          • commentphp-gd is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613027
          • commentphp-gd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195008
        • AND
          • commentphp-mysqlnd is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613029
          • commentphp-mysqlnd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20141013034
        • AND
          • commentphp-recode is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613031
          • commentphp-recode is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195042
        • AND
          • commentphp-ldap is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613033
          • commentphp-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195012
        • AND
          • commentphp-intl is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613035
          • commentphp-intl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195050
        • AND
          • commentphp is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613037
          • commentphp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195018
        • AND
          • commentphp-process is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613039
          • commentphp-process is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195028
        • AND
          • commentphp-xmlrpc is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613041
          • commentphp-xmlrpc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195016
        • AND
          • commentphp-embedded is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613043
          • commentphp-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195046
        • AND
          • commentphp-fpm is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613045
          • commentphp-fpm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20130514038
        • AND
          • commentphp-bcmath is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613047
          • commentphp-bcmath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195048
        • AND
          • commentphp-pspell is earlier than 0:5.4.16-36.3.el7_2
            ovaloval:com.redhat.rhsa:tst:20161613049
          • commentphp-pspell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110195026
    rhsa
    idRHSA-2016:1613
    released2016-08-11
    severityModerate
    titleRHSA-2016:1613: php security and bug fix update (Moderate)
  • rhsa
    idRHSA-2016:1610
  • rhsa
    idRHSA-2016:1611
  • rhsa
    idRHSA-2016:1612
rpms
  • php-0:5.3.3-48.el6_8
  • php-bcmath-0:5.3.3-48.el6_8
  • php-cli-0:5.3.3-48.el6_8
  • php-common-0:5.3.3-48.el6_8
  • php-dba-0:5.3.3-48.el6_8
  • php-debuginfo-0:5.3.3-48.el6_8
  • php-devel-0:5.3.3-48.el6_8
  • php-embedded-0:5.3.3-48.el6_8
  • php-enchant-0:5.3.3-48.el6_8
  • php-fpm-0:5.3.3-48.el6_8
  • php-gd-0:5.3.3-48.el6_8
  • php-imap-0:5.3.3-48.el6_8
  • php-intl-0:5.3.3-48.el6_8
  • php-ldap-0:5.3.3-48.el6_8
  • php-mbstring-0:5.3.3-48.el6_8
  • php-mysql-0:5.3.3-48.el6_8
  • php-odbc-0:5.3.3-48.el6_8
  • php-pdo-0:5.3.3-48.el6_8
  • php-pgsql-0:5.3.3-48.el6_8
  • php-process-0:5.3.3-48.el6_8
  • php-pspell-0:5.3.3-48.el6_8
  • php-recode-0:5.3.3-48.el6_8
  • php-snmp-0:5.3.3-48.el6_8
  • php-soap-0:5.3.3-48.el6_8
  • php-tidy-0:5.3.3-48.el6_8
  • php-xml-0:5.3.3-48.el6_8
  • php-xmlrpc-0:5.3.3-48.el6_8
  • php-zts-0:5.3.3-48.el6_8
  • php54-php-0:5.4.40-4.el6
  • php54-php-0:5.4.40-4.el7
  • php54-php-bcmath-0:5.4.40-4.el6
  • php54-php-bcmath-0:5.4.40-4.el7
  • php54-php-cli-0:5.4.40-4.el6
  • php54-php-cli-0:5.4.40-4.el7
  • php54-php-common-0:5.4.40-4.el6
  • php54-php-common-0:5.4.40-4.el7
  • php54-php-dba-0:5.4.40-4.el6
  • php54-php-dba-0:5.4.40-4.el7
  • php54-php-debuginfo-0:5.4.40-4.el6
  • php54-php-debuginfo-0:5.4.40-4.el7
  • php54-php-devel-0:5.4.40-4.el6
  • php54-php-devel-0:5.4.40-4.el7
  • php54-php-enchant-0:5.4.40-4.el6
  • php54-php-enchant-0:5.4.40-4.el7
  • php54-php-fpm-0:5.4.40-4.el6
  • php54-php-fpm-0:5.4.40-4.el7
  • php54-php-gd-0:5.4.40-4.el6
  • php54-php-gd-0:5.4.40-4.el7
  • php54-php-imap-0:5.4.40-4.el6
  • php54-php-intl-0:5.4.40-4.el6
  • php54-php-intl-0:5.4.40-4.el7
  • php54-php-ldap-0:5.4.40-4.el6
  • php54-php-ldap-0:5.4.40-4.el7
  • php54-php-mbstring-0:5.4.40-4.el6
  • php54-php-mbstring-0:5.4.40-4.el7
  • php54-php-mysqlnd-0:5.4.40-4.el6
  • php54-php-mysqlnd-0:5.4.40-4.el7
  • php54-php-odbc-0:5.4.40-4.el6
  • php54-php-odbc-0:5.4.40-4.el7
  • php54-php-pdo-0:5.4.40-4.el6
  • php54-php-pdo-0:5.4.40-4.el7
  • php54-php-pgsql-0:5.4.40-4.el6
  • php54-php-pgsql-0:5.4.40-4.el7
  • php54-php-process-0:5.4.40-4.el6
  • php54-php-process-0:5.4.40-4.el7
  • php54-php-pspell-0:5.4.40-4.el6
  • php54-php-pspell-0:5.4.40-4.el7
  • php54-php-recode-0:5.4.40-4.el6
  • php54-php-recode-0:5.4.40-4.el7
  • php54-php-snmp-0:5.4.40-4.el6
  • php54-php-snmp-0:5.4.40-4.el7
  • php54-php-soap-0:5.4.40-4.el6
  • php54-php-soap-0:5.4.40-4.el7
  • php54-php-tidy-0:5.4.40-4.el6
  • php54-php-xml-0:5.4.40-4.el6
  • php54-php-xml-0:5.4.40-4.el7
  • php54-php-xmlrpc-0:5.4.40-4.el6
  • php54-php-xmlrpc-0:5.4.40-4.el7
  • php55-php-0:5.5.21-5.el6
  • php55-php-0:5.5.21-5.el7
  • php55-php-bcmath-0:5.5.21-5.el6
  • php55-php-bcmath-0:5.5.21-5.el7
  • php55-php-cli-0:5.5.21-5.el6
  • php55-php-cli-0:5.5.21-5.el7
  • php55-php-common-0:5.5.21-5.el6
  • php55-php-common-0:5.5.21-5.el7
  • php55-php-dba-0:5.5.21-5.el6
  • php55-php-dba-0:5.5.21-5.el7
  • php55-php-debuginfo-0:5.5.21-5.el6
  • php55-php-debuginfo-0:5.5.21-5.el7
  • php55-php-devel-0:5.5.21-5.el6
  • php55-php-devel-0:5.5.21-5.el7
  • php55-php-enchant-0:5.5.21-5.el6
  • php55-php-enchant-0:5.5.21-5.el7
  • php55-php-fpm-0:5.5.21-5.el6
  • php55-php-fpm-0:5.5.21-5.el7
  • php55-php-gd-0:5.5.21-5.el6
  • php55-php-gd-0:5.5.21-5.el7
  • php55-php-gmp-0:5.5.21-5.el6
  • php55-php-gmp-0:5.5.21-5.el7
  • php55-php-imap-0:5.5.21-5.el6
  • php55-php-intl-0:5.5.21-5.el6
  • php55-php-intl-0:5.5.21-5.el7
  • php55-php-ldap-0:5.5.21-5.el6
  • php55-php-ldap-0:5.5.21-5.el7
  • php55-php-mbstring-0:5.5.21-5.el6
  • php55-php-mbstring-0:5.5.21-5.el7
  • php55-php-mysqlnd-0:5.5.21-5.el6
  • php55-php-mysqlnd-0:5.5.21-5.el7
  • php55-php-odbc-0:5.5.21-5.el6
  • php55-php-odbc-0:5.5.21-5.el7
  • php55-php-opcache-0:5.5.21-5.el6
  • php55-php-opcache-0:5.5.21-5.el7
  • php55-php-pdo-0:5.5.21-5.el6
  • php55-php-pdo-0:5.5.21-5.el7
  • php55-php-pgsql-0:5.5.21-5.el6
  • php55-php-pgsql-0:5.5.21-5.el7
  • php55-php-process-0:5.5.21-5.el6
  • php55-php-process-0:5.5.21-5.el7
  • php55-php-pspell-0:5.5.21-5.el6
  • php55-php-pspell-0:5.5.21-5.el7
  • php55-php-recode-0:5.5.21-5.el6
  • php55-php-recode-0:5.5.21-5.el7
  • php55-php-snmp-0:5.5.21-5.el6
  • php55-php-snmp-0:5.5.21-5.el7
  • php55-php-soap-0:5.5.21-5.el6
  • php55-php-soap-0:5.5.21-5.el7
  • php55-php-tidy-0:5.5.21-5.el6
  • php55-php-xml-0:5.5.21-5.el6
  • php55-php-xml-0:5.5.21-5.el7
  • php55-php-xmlrpc-0:5.5.21-5.el6
  • php55-php-xmlrpc-0:5.5.21-5.el7
  • rh-php56-php-0:5.6.5-9.el6
  • rh-php56-php-0:5.6.5-9.el7
  • rh-php56-php-bcmath-0:5.6.5-9.el6
  • rh-php56-php-bcmath-0:5.6.5-9.el7
  • rh-php56-php-cli-0:5.6.5-9.el6
  • rh-php56-php-cli-0:5.6.5-9.el7
  • rh-php56-php-common-0:5.6.5-9.el6
  • rh-php56-php-common-0:5.6.5-9.el7
  • rh-php56-php-dba-0:5.6.5-9.el6
  • rh-php56-php-dba-0:5.6.5-9.el7
  • rh-php56-php-dbg-0:5.6.5-9.el6
  • rh-php56-php-dbg-0:5.6.5-9.el7
  • rh-php56-php-debuginfo-0:5.6.5-9.el6
  • rh-php56-php-debuginfo-0:5.6.5-9.el7
  • rh-php56-php-devel-0:5.6.5-9.el6
  • rh-php56-php-devel-0:5.6.5-9.el7
  • rh-php56-php-embedded-0:5.6.5-9.el6
  • rh-php56-php-embedded-0:5.6.5-9.el7
  • rh-php56-php-enchant-0:5.6.5-9.el6
  • rh-php56-php-enchant-0:5.6.5-9.el7
  • rh-php56-php-fpm-0:5.6.5-9.el6
  • rh-php56-php-fpm-0:5.6.5-9.el7
  • rh-php56-php-gd-0:5.6.5-9.el6
  • rh-php56-php-gd-0:5.6.5-9.el7
  • rh-php56-php-gmp-0:5.6.5-9.el6
  • rh-php56-php-gmp-0:5.6.5-9.el7
  • rh-php56-php-imap-0:5.6.5-9.el6
  • rh-php56-php-intl-0:5.6.5-9.el6
  • rh-php56-php-intl-0:5.6.5-9.el7
  • rh-php56-php-ldap-0:5.6.5-9.el6
  • rh-php56-php-ldap-0:5.6.5-9.el7
  • rh-php56-php-mbstring-0:5.6.5-9.el6
  • rh-php56-php-mbstring-0:5.6.5-9.el7
  • rh-php56-php-mysqlnd-0:5.6.5-9.el6
  • rh-php56-php-mysqlnd-0:5.6.5-9.el7
  • rh-php56-php-odbc-0:5.6.5-9.el6
  • rh-php56-php-odbc-0:5.6.5-9.el7
  • rh-php56-php-opcache-0:5.6.5-9.el6
  • rh-php56-php-opcache-0:5.6.5-9.el7
  • rh-php56-php-pdo-0:5.6.5-9.el6
  • rh-php56-php-pdo-0:5.6.5-9.el7
  • rh-php56-php-pgsql-0:5.6.5-9.el6
  • rh-php56-php-pgsql-0:5.6.5-9.el7
  • rh-php56-php-process-0:5.6.5-9.el6
  • rh-php56-php-process-0:5.6.5-9.el7
  • rh-php56-php-pspell-0:5.6.5-9.el6
  • rh-php56-php-pspell-0:5.6.5-9.el7
  • rh-php56-php-recode-0:5.6.5-9.el6
  • rh-php56-php-recode-0:5.6.5-9.el7
  • rh-php56-php-snmp-0:5.6.5-9.el6
  • rh-php56-php-snmp-0:5.6.5-9.el7
  • rh-php56-php-soap-0:5.6.5-9.el6
  • rh-php56-php-soap-0:5.6.5-9.el7
  • rh-php56-php-tidy-0:5.6.5-9.el6
  • rh-php56-php-xml-0:5.6.5-9.el6
  • rh-php56-php-xml-0:5.6.5-9.el7
  • rh-php56-php-xmlrpc-0:5.6.5-9.el6
  • rh-php56-php-xmlrpc-0:5.6.5-9.el7
  • php-0:5.4.16-36.3.el7_2
  • php-bcmath-0:5.4.16-36.3.el7_2
  • php-cli-0:5.4.16-36.3.el7_2
  • php-common-0:5.4.16-36.3.el7_2
  • php-dba-0:5.4.16-36.3.el7_2
  • php-debuginfo-0:5.4.16-36.3.el7_2
  • php-devel-0:5.4.16-36.3.el7_2
  • php-embedded-0:5.4.16-36.3.el7_2
  • php-enchant-0:5.4.16-36.3.el7_2
  • php-fpm-0:5.4.16-36.3.el7_2
  • php-gd-0:5.4.16-36.3.el7_2
  • php-intl-0:5.4.16-36.3.el7_2
  • php-ldap-0:5.4.16-36.3.el7_2
  • php-mbstring-0:5.4.16-36.3.el7_2
  • php-mysql-0:5.4.16-36.3.el7_2
  • php-mysqlnd-0:5.4.16-36.3.el7_2
  • php-odbc-0:5.4.16-36.3.el7_2
  • php-pdo-0:5.4.16-36.3.el7_2
  • php-pgsql-0:5.4.16-36.3.el7_2
  • php-process-0:5.4.16-36.3.el7_2
  • php-pspell-0:5.4.16-36.3.el7_2
  • php-recode-0:5.4.16-36.3.el7_2
  • php-snmp-0:5.4.16-36.3.el7_2
  • php-soap-0:5.4.16-36.3.el7_2
  • php-xml-0:5.4.16-36.3.el7_2
  • php-xmlrpc-0:5.4.16-36.3.el7_2

References