Lucene search

K
f5F5F5:K15903
HistoryDec 11, 2014 - 12:00 a.m.

K15903 : Multiple PHP vulnerabilities

2014-12-1100:00:00
my.f5.com
8

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.59 Medium

EPSS

Percentile

97.5%

Security Advisory Description

Description

The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.

Impact

None. No F5 products are affected by these vulnerabilities.

Status

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product Versions known to be vulnerable Versions known to be not vulnerable Vulnerable component or feature
BIG-IP LTM None
11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP AAM None 11.4.0 - 11.6.0
None
BIG-IP AFM None 11.3.0 - 11.6.0
None
BIG-IP Analytics None 11.0.0 - 11.6.0
None
BIG-IP APM None 11.0.0 - 11.6.0
10.1.0 - 10.2.4
None
BIG-IP ASM None 11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP Edge Gateway
None 11.0.0 - 11.3.0
10.1.0 - 10.2.4
None
BIG-IP GTM None 11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP Link Controller None
11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP PEM None
11.3.0 - 11.6.0
None
BIG-IP PSM None 11.0.0 - 11.4.1
10.0.0 - 10.2.4
None
BIG-IP WebAccelerator None 11.0.0 - 11.3.0
10.0.0 - 10.2.4
None
BIG-IP WOM None 11.0.0 - 11.3.0
10.0.0 - 10.2.4
None
ARX None 6.0.0 - 6.4.0
None
Enterprise Manager None 3.0.0 - 3.1.1
2.1.0 - 2.3.0
None
FirePass None 7.0.0
6.0.0 - 6.1.0
None
BIG-IQ Cloud None
4.0.0 - 4.4.0
None
BIG-IQ Device None
4.2.0 - 4.4.0
None
BIG-IQ Security None
4.0.0 - 4.4.0
None
LineRate None 2.2.0 - 2.5.0
1.6.0 - 1.6.4 None
WebSafe None 1.0.0 None

Recommended action

None

Supplemental Information

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.59 Medium

EPSS

Percentile

97.5%