ID de Prueba:	1.3.6.1.4.1.25623.1.0.110012
Categoría:	Web application abuses
Título:	PHP Version < 5.3.9 Multiple Vulnerabilities
Resumen:	PHP version < 5.3.9 suffers from multiple vulnerabilities such as DOS by sending crafted requests; including hash collision parameter values. Several errors exist in some certain functions as well.;; This VT has been replaced by the following VTs:;; - PHP EXIF Header Denial of Service Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.802349);; - PHP Web Form Hash Collision Denial of Service Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.802408);; - PHP Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103464);; - PHP Multiple Denial of Service Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.802566)
Descripción:	Summary: PHP version < 5.3.9 suffers from multiple vulnerabilities such as DOS by sending crafted requests including hash collision parameter values. Several errors exist in some certain functions as well. This VT has been replaced by the following VTs: - PHP EXIF Header Denial of Service Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.802349) - PHP Web Form Hash Collision Denial of Service Vulnerability (Windows) (OID: 1.3.6.1.4.1.25623.1.0.802408) - PHP Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103464) - PHP Multiple Denial of Service Vulnerabilities (Windows) (OID: 1.3.6.1.4.1.25623.1.0.802566) Solution: Upgrade PHP to 5.3.9 or versions after. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Referencia Cruzada:	BugTraq ID: 50907 BugTraq ID: 51193 BugTraq ID: 51806 BugTraq ID: 51952 BugTraq ID: 51992 BugTraq ID: 52043 Common Vulnerability Exposure (CVE) ID: CVE-2011-4566 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://www.securityfocus.com/bid/50907 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:197 http://www.redhat.com/support/errata/RHSA-2012-0019.html RedHat Security Advisories: RHSA-2012:0071 http://rhn.redhat.com/errata/RHSA-2012-0071.html http://secunia.com/advisories/47253 http://secunia.com/advisories/48668 SuSE Security Announcement: openSUSE-SU-2012:0426 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html https://www.ubuntu.com/usn/USN-1307-1/ XForce ISS Database: php-exifprocessifdtag-dos(71612) https://exchange.xforce.ibmcloud.com/vulnerabilities/71612 Common Vulnerability Exposure (CVE) ID: CVE-2011-4885 http://www.securityfocus.com/bid/51193 Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT/CC vulnerability note: VU#903934 http://www.kb.cert.org/vuls/id/903934 http://www.exploit-db.com/exploits/18296 http://www.exploit-db.com/exploits/18305 HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: HPSBUX02741 http://marc.info/?l=bugtraq&m=132871655717248&w=2 HPdes Security Advisory: SSRT100728 HPdes Security Advisory: SSRT100826 HPdes Security Advisory: SSRT100877 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py http://www.securitytracker.com/id?1026473 http://secunia.com/advisories/47404 SuSE Security Announcement: SUSE-SU-2012:0411 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html XForce ISS Database: php-hash-dos(72021) https://exchange.xforce.ibmcloud.com/vulnerabilities/72021 Common Vulnerability Exposure (CVE) ID: CVE-2012-0057 http://openwall.com/lists/oss-security/2012/01/13/4 http://openwall.com/lists/oss-security/2012/01/13/10 http://openwall.com/lists/oss-security/2012/01/13/5 http://openwall.com/lists/oss-security/2012/01/13/6 http://openwall.com/lists/oss-security/2012/01/13/7 http://openwall.com/lists/oss-security/2012/01/14/1 http://openwall.com/lists/oss-security/2012/01/14/2 http://openwall.com/lists/oss-security/2012/01/14/3 http://openwall.com/lists/oss-security/2012/01/15/2 http://openwall.com/lists/oss-security/2012/01/15/1 http://openwall.com/lists/oss-security/2012/01/15/10 http://openwall.com/lists/oss-security/2012/01/18/3 SuSE Security Announcement: SUSE-SU-2012:0472 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html XForce ISS Database: php-libxslt-security-bypass(72908) https://exchange.xforce.ibmcloud.com/vulnerabilities/72908 Common Vulnerability Exposure (CVE) ID: CVE-2012-0781 Bugtraq: 20120114 PHP 5.3.8 Multiple vulnerabilities (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html http://www.exploit-db.com/exploits/18370/ http://cxsecurity.com/research/103 Common Vulnerability Exposure (CVE) ID: CVE-2012-0788 Common Vulnerability Exposure (CVE) ID: CVE-2012-0789
Copyright	Copyright (C) 2012 NopSec Inc.

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.