Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.802330
Category:Web application abuses
Title:PHP Multiple Vulnerabilities - Sep11 (Windows)
Summary:PHP is prone to multiple vulnerabilities.
Description:Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Improper handling of passwords with 8-bit characters by 'crypt_blowfish'
function.

- An error in 'ZipArchive::addGlob' and 'ZipArchive::addPattern' functions
in ext/zip/php_zip.c file allows remote attackers to cause denial of
service via certain flags arguments.

- Improper validation of the return values of the malloc, calloc and realloc
library functions.

- Improper implementation of the error_log function.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code,
obtain sensitive information or cause a denial of service.

Affected Software/OS:
PHP version prior to 5.3.7 on Windows

Solution:
Update to PHP version 5.3.7 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 49241
BugTraq ID: 49252
Common Vulnerability Exposure (CVE) ID: CVE-2011-2483
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://www.securityfocus.com/bid/49241
Debian Security Information: DSA-2340 (Google Search)
http://www.debian.org/security/2011/dsa-2340
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://freshmeat.net/projects/crypt_blowfish
http://www.redhat.com/support/errata/RHSA-2011-1377.html
http://www.redhat.com/support/errata/RHSA-2011-1378.html
http://www.redhat.com/support/errata/RHSA-2011-1423.html
SuSE Security Announcement: SUSE-SA:2011:035 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
http://www.ubuntu.com/usn/USN-1229-1
XForce ISS Database: php-cryptblowfish-info-disclosure(69319)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319
Common Vulnerability Exposure (CVE) ID: CVE-2011-1657
http://www.securityfocus.com/bid/49252
Bugtraq: 20110819 PHP 5.3.6 ZipArchive invalid use glob(3) (Google Search)
http://www.securityfocus.com/archive/1/519385/100/0/threaded
http://www.openwall.com/lists/oss-security/2011/07/01/8
http://www.openwall.com/lists/oss-security/2011/07/01/7
http://www.openwall.com/lists/oss-security/2011/07/01/6
http://securityreason.com/securityalert/8342
http://securityreason.com/achievement_securityalert/100
XForce ISS Database: php-ziparchiveaddglob-dos(69320)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69320
Common Vulnerability Exposure (CVE) ID: CVE-2011-3182
BugTraq ID: 49249
http://www.securityfocus.com/bid/49249
http://marc.info/?l=full-disclosure&m=131373057621672&w=2
http://www.openwall.com/lists/oss-security/2011/08/22/9
http://securityreason.com/achievement_securityalert/101
XForce ISS Database: php-library-functions-dos(69430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69430
Common Vulnerability Exposure (CVE) ID: CVE-2011-3267
http://osvdb.org/74739
XForce ISS Database: php-errorlog-dos(69428)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69428
Common Vulnerability Exposure (CVE) ID: CVE-2011-3268
http://osvdb.org/74738
XForce ISS Database: php-crypt-bo(69427)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69427
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.