{"id": "FEDORA:0DCE622647", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 19 Update: php-5.5.12-1.fc19", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "published": "2014-05-12T05:25:38", "modified": "2014-05-12T05:25:38", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420", "CVE-2014-0185"], "lastseen": "2020-12-21T08:17:52", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:867126", "OPENVAS:1361412562310868640", "OPENVAS:1361412562310867712", "OPENVAS:1361412562310867904", "OPENVAS:1361412562310866845", "OPENVAS:1361412562310868436", "OPENVAS:867712", "OPENVAS:866845", "OPENVAS:1361412562310867126", "OPENVAS:1361412562310867803"]}, {"type": "cve", "idList": ["CVE-2013-6420", "CVE-2011-4718", "CVE-2013-4248", "CVE-2014-0185", "CVE-2013-4113"]}, {"type": "fedora", "idList": ["FEDORA:3BAB62184E", "FEDORA:82E2722436", "FEDORA:89C0D20C62", "FEDORA:DFC2660C9809", "FEDORA:D71912448B", "FEDORA:92E93228C5", "FEDORA:6DCF422CB0", "FEDORA:220C522107", "FEDORA:574FF21305", "FEDORA:3079E60D68D9"]}, {"type": "f5", "idList": ["SOL15110", "SOL15169", "SOL15322", "SOL14909", "SOL14930"]}, {"type": "nessus", "idList": ["ALA_ALAS-2013-224.NASL", "PHP_5_5_2.NASL", "MANDRIVA_MDVSA-2014-014.NASL", "FEDORA_2013-14998.NASL", "PHP_5_4_18.NASL", "SUSE_11_APACHE2-MOD_PHP5-131220.NASL", "SUSE_11_APACHE2-MOD_PHP53-131218.NASL", "PHP_5_3_28.NASL", "SUSE_SU-2014-0064-1.NASL", "OPENSUSE-2013-1032.NASL"]}, {"type": "amazon", "idList": ["ALAS-2013-224"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0873-2", "SUSE-SU-2014:0873-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30264", "SECURITYVULNS:DOC:30774", "SECURITYVULNS:VULN:13796"]}, {"type": "threatpost", "idList": ["THREATPOST:3A3D259BB4BCD97BF28642DE2B3F4146"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2742-1:FA4D7"]}, {"type": "slackware", "idList": ["SSA-2013-242-02"]}, {"type": "ubuntu", "idList": ["USN-1937-1"]}], "modified": "2020-12-21T08:17:52", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-12-21T08:17:52", "rev": 2}, "vulnersScore": 5.9}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "19", "arch": "any", "packageName": "php", "packageVersion": "5.5.12", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"openvas": [{"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2013-6420", "CVE-2014-0185"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-05-19T00:00:00", "id": "OPENVAS:1361412562310867803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867803", "type": "openvas", "title": "Fedora Update for php FEDORA-2014-5984", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2014-5984\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867803\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-19 11:16:12 +0530 (Mon, 19 May 2014)\");\n script_cve_id(\"CVE-2014-0185\", \"CVE-2013-6420\", \"CVE-2011-4718\", \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2014-5984\");\n script_tag(name:\"affected\", value:\"php on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5984\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133189.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.12~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2014-8142", "CVE-2013-6420", "CVE-2014-0185"], "description": "Check the version of php", "modified": "2019-03-15T00:00:00", "published": "2014-12-30T00:00:00", "id": "OPENVAS:1361412562310868640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868640", "type": "openvas", "title": "Fedora Update for php FEDORA-2014-17276", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2014-17276\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868640\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-30 05:57:37 +0100 (Tue, 30 Dec 2014)\");\n script_cve_id(\"CVE-2014-8142\", \"CVE-2014-0185\", \"CVE-2013-6420\", \"CVE-2011-4718\",\n \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2014-17276\");\n script_tag(name:\"summary\", value:\"Check the version of php\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17276\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/147123.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.20~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2013-6420"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310867126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867126", "type": "openvas", "title": "Fedora Update for php FEDORA-2013-23208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2013-23208\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867126\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:45:55 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6420\", \"CVE-2011-4718\", \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2013-23208\");\n\n\n script_tag(name:\"affected\", value:\"php on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-23208\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123449.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.7~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-02-05T11:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2013-6420"], "description": "Check for the Version of php", "modified": "2018-02-03T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867126", "href": "http://plugins.openvas.org/nasl.php?oid=867126", "type": "openvas", "title": "Fedora Update for php FEDORA-2013-23208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2013-23208\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867126);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:45:55 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6420\", \"CVE-2011-4718\", \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2013-23208\");\n\n tag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\n\";\n\n tag_affected = \"php on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23208\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123449.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.7~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2014-0237", "CVE-2013-6420", "CVE-2014-0185", "CVE-2014-0238"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-23T00:00:00", "id": "OPENVAS:1361412562310867904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867904", "type": "openvas", "title": "Fedora Update for php FEDORA-2014-6904", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2014-6904\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867904\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-23 10:41:55 +0530 (Mon, 23 Jun 2014)\");\n script_cve_id(\"CVE-2014-0238\", \"CVE-2014-0237\", \"CVE-2014-0185\", \"CVE-2013-6420\",\n \"CVE-2011-4718\", \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2014-6904\");\n script_tag(name:\"affected\", value:\"php on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6904\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134466.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.13~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7345", "CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2013-6420"], "description": "Check for the Version of php", "modified": "2017-07-10T00:00:00", "published": "2014-04-21T00:00:00", "id": "OPENVAS:867712", "href": "http://plugins.openvas.org/nasl.php?oid=867712", "type": "openvas", "title": "Fedora Update for php FEDORA-2014-4735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2014-4735\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867712);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:00:40 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-7345\", \"CVE-2013-6420\", \"CVE-2011-4718\", \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2014-4735\");\n\n tag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\n\";\n\n tag_affected = \"php on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4735\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131524.html\");\n script_summary(\"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.11~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7345", "CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2013-6420"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-21T00:00:00", "id": "OPENVAS:1361412562310867712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867712", "type": "openvas", "title": "Fedora Update for php FEDORA-2014-4735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2014-4735\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867712\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-21 12:00:40 +0530 (Mon, 21 Apr 2014)\");\n script_cve_id(\"CVE-2013-7345\", \"CVE-2013-6420\", \"CVE-2011-4718\", \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2014-4735\");\n script_tag(name:\"affected\", value:\"php on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4735\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131524.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.11~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:08:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248"], "description": "Check for the Version of php", "modified": "2018-01-18T00:00:00", "published": "2013-08-27T00:00:00", "id": "OPENVAS:866845", "href": "http://plugins.openvas.org/nasl.php?oid=866845", "type": "openvas", "title": "Fedora Update for php FEDORA-2013-14998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2013-14998\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866845);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-27 09:54:36 +0530 (Tue, 27 Aug 2013)\");\n script_cve_id(\"CVE-2013-4248\", \"CVE-2011-4718\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2013-14998\");\n\n tag_insight = \"PHP is an HTML-embedded scripting language. PHP attempts to make it\neasy for developers to write dynamically generated web pages. PHP also\noffers built-in database integration for several commercial and\nnon-commercial database management systems, so writing a\ndatabase-enabled webpage with PHP is fairly simple. The most common\nuse of PHP coding is probably as a replacement for CGI scripts.\n\nThe php package contains the module (often referred to as mod_php)\nwhich adds support for the PHP language to Apache HTTP Server.\n\";\n\n tag_affected = \"php on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14998\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114648.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of php\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.3~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-27T00:00:00", "id": "OPENVAS:1361412562310866845", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866845", "type": "openvas", "title": "Fedora Update for php FEDORA-2013-14998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2013-14998\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866845\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-27 09:54:36 +0530 (Tue, 27 Aug 2013)\");\n script_cve_id(\"CVE-2013-4248\", \"CVE-2011-4718\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2013-14998\");\n\n\n script_tag(name:\"affected\", value:\"php on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14998\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114648.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.3~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2011-4718", "CVE-2013-4248", "CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2013-6420", "CVE-2014-0185"], "description": "Check the version of php", "modified": "2019-03-15T00:00:00", "published": "2014-10-29T00:00:00", "id": "OPENVAS:1361412562310868436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868436", "type": "openvas", "title": "Fedora Update for php FEDORA-2014-13031", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2014-13031\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868436\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-29 05:51:39 +0100 (Wed, 29 Oct 2014)\");\n script_cve_id(\"CVE-2014-3669\", \"CVE-2014-3670\", \"CVE-2014-3668\", \"CVE-2014-0185\",\n \"CVE-2013-6420\", \"CVE-2011-4718\", \"CVE-2013-4248\", \"CVE-2013-4113\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for php FEDORA-2014-13031\");\n script_tag(name:\"summary\", value:\"Check the version of php\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-13031\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141404.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.5.18~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T19:39:12", "description": "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.", "edition": 5, "cvss3": {}, "published": "2013-08-13T15:04:00", "title": "CVE-2011-4718", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4718"], "modified": "2013-08-13T18:32:00", "cpe": ["cpe:/a:php:php:5.1.5", "cpe:/a:php:php:5.2.1", "cpe:/a:php:php:5.2.12", "cpe:/a:php:php:5.4.12", "cpe:/a:php:php:5.3.13", "cpe:/a:php:php:5.4.1", "cpe:/a:php:php:5.4.8", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:5.2.11", "cpe:/a:php:php:5.3.4", "cpe:/a:php:php:5.2.9", "cpe:/a:php:php:5.3.25", "cpe:/a:php:php:5.2.6", "cpe:/a:php:php:5.1.4", "cpe:/a:php:php:5.4.4", "cpe:/a:php:php:5.3.21", "cpe:/a:php:php:5.3.8", "cpe:/a:php:php:5.3.22", "cpe:/a:php:php:5.1.3", "cpe:/a:php:php:5.3.9", "cpe:/a:php:php:5.4.0", "cpe:/a:php:php:5.1.6", "cpe:/a:php:php:5.2.3", "cpe:/a:php:php:5.4.5", "cpe:/a:php:php:5.2.5", "cpe:/a:php:php:5.3.6", "cpe:/a:php:php:5.3.19", "cpe:/a:php:php:5.3.10", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:5.3.5", "cpe:/a:php:php:5.3.1", "cpe:/a:php:php:5.2.10", "cpe:/a:php:php:5.3.23", "cpe:/a:php:php:5.2.4", "cpe:/a:php:php:5.3.20", "cpe:/a:php:php:5.1.0", "cpe:/a:php:php:5.2.0", "cpe:/a:php:php:5.3.0", "cpe:/a:php:php:5.3.26", "cpe:/a:php:php:5.2.15", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:5.3.17", "cpe:/a:php:php:5.4.11", "cpe:/a:php:php:5.2.8", "cpe:/a:php:php:5.3.11", "cpe:/a:php:php:5.4.7", "cpe:/a:php:php:5.4.9", "cpe:/a:php:php:5.2.13", "cpe:/a:php:php:5.1.1", "cpe:/a:php:php:5.3.27", "cpe:/a:php:php:5.4.16", "cpe:/a:php:php:5.3.15", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.2.2", "cpe:/a:php:php:5.3.12", "cpe:/a:php:php:5.3.7", "cpe:/a:php:php:5.4.15", "cpe:/a:php:php:5.4.13", "cpe:/a:php:php:5.4.10", "cpe:/a:php:php:5.2.17", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:5.4.2", "cpe:/a:php:php:5.3.14", "cpe:/a:php:php:5.3.18", "cpe:/a:php:php:5.3.2", "cpe:/a:php:php:5.4.6", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:5.2.7", "cpe:/a:php:php:5.1.2", "cpe:/a:php:php:5.3.16", "cpe:/a:php:php:5.3.3", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:5.2.14", "cpe:/a:php:php:5.4.3", "cpe:/a:php:php:5.3.24", "cpe:/a:php:php:5.4.14", "cpe:/a:php:php:5.2.16"], "id": "CVE-2011-4718", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4718", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:48", "description": "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.", "edition": 5, "cvss3": {}, "published": "2013-12-17T04:46:00", "title": "CVE-2013-6420", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6420"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:php:php:5.4.12", "cpe:/a:php:php:5.3.13", "cpe:/a:php:php:5.4.1", "cpe:/a:php:php:5.4.8", "cpe:/a:php:php:5.3.4", "cpe:/a:php:php:5.3.25", "cpe:/a:php:php:5.4.4", "cpe:/a:php:php:5.3.21", "cpe:/a:php:php:5.3.8", "cpe:/a:php:php:5.3.22", "cpe:/a:php:php:5.3.9", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:php:php:5.4.0", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.4.5", "cpe:/a:php:php:5.4.19", "cpe:/a:php:php:5.4.17", "cpe:/a:php:php:5.3.6", "cpe:/a:php:php:5.3.19", "cpe:/a:php:php:5.3.10", "cpe:/a:php:php:5.3.5", "cpe:/a:php:php:5.4.20", "cpe:/a:php:php:5.3.1", "cpe:/o:apple:mac_os_x:10.9.1", "cpe:/a:php:php:5.3.23", "cpe:/a:php:php:5.3.20", "cpe:/a:php:php:5.3.0", "cpe:/a:php:php:5.3.26", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.3.17", "cpe:/a:php:php:5.4.11", "cpe:/a:php:php:5.3.11", "cpe:/a:php:php:5.4.7", "cpe:/a:php:php:5.4.9", "cpe:/a:php:php:5.3.27", "cpe:/a:php:php:5.4.16", "cpe:/a:php:php:5.3.15", "cpe:/o:opensuse:opensuse:11.4", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.3.12", "cpe:/a:php:php:5.3.7", "cpe:/o:opensuse:opensuse:12.2", "cpe:/a:php:php:5.4.22", "cpe:/a:php:php:5.4.15", "cpe:/a:php:php:5.4.13", "cpe:/a:php:php:5.4.10", "cpe:/a:php:php:5.4.2", "cpe:/a:php:php:5.4.18", "cpe:/a:php:php:5.4.21", "cpe:/a:php:php:5.3.14", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.3.18", "cpe:/a:php:php:5.3.2", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.4.6", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.3.16", "cpe:/a:php:php:5.3.3", "cpe:/o:opensuse:opensuse:12.3", "cpe:/a:php:php:5.4.3", "cpe:/a:php:php:5.3.24", "cpe:/a:php:php:5.4.14"], "id": "CVE-2013-6420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6420", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:11", "description": "sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.", "edition": 3, "cvss3": {}, "published": "2014-05-06T10:44:00", "title": "CVE-2014-0185", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0185"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.5.11", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.5.9"], "id": "CVE-2014-0185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0185", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:44", "description": "The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "edition": 5, "cvss3": {}, "published": "2013-08-18T02:52:00", "title": "CVE-2013-4248", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4248"], "modified": "2016-11-28T19:09:00", "cpe": ["cpe:/a:php:php:5.1.5", "cpe:/a:php:php:5.2.1", "cpe:/a:php:php:5.2.12", "cpe:/a:php:php:5.4.12", "cpe:/a:php:php:5.3.13", "cpe:/a:php:php:5.4.1", "cpe:/a:php:php:5.4.8", "cpe:/a:php:php:5.0.1", "cpe:/a:php:php:5.2.11", "cpe:/a:php:php:5.3.4", "cpe:/a:php:php:5.2.9", "cpe:/a:php:php:5.3.25", "cpe:/a:php:php:5.2.6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:php:php:5.1.4", "cpe:/a:php:php:5.4.4", "cpe:/a:php:php:5.3.21", "cpe:/a:php:php:5.3.8", "cpe:/a:php:php:5.3.22", "cpe:/a:php:php:5.1.3", "cpe:/a:php:php:5.3.9", "cpe:/a:php:php:5.4.0", "cpe:/a:php:php:5.1.6", "cpe:/a:php:php:5.2.3", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:php:php:5.4.5", "cpe:/a:php:php:5.2.5", "cpe:/a:php:php:5.4.17", "cpe:/a:php:php:5.3.6", "cpe:/a:php:php:5.3.19", "cpe:/a:php:php:5.3.10", "cpe:/a:php:php:5.0.2", "cpe:/a:php:php:5.3.5", "cpe:/a:php:php:5.3.1", "cpe:/a:php:php:5.2.10", "cpe:/a:php:php:5.3.23", "cpe:/a:php:php:5.2.4", "cpe:/a:php:php:5.3.20", "cpe:/a:php:php:5.1.0", "cpe:/a:php:php:5.2.0", "cpe:/a:php:php:5.3.0", "cpe:/a:php:php:5.3.26", "cpe:/a:php:php:5.2.15", "cpe:/a:php:php:5.0.4", "cpe:/a:php:php:5.3.17", "cpe:/a:php:php:5.4.11", "cpe:/a:php:php:5.2.8", "cpe:/a:php:php:5.3.11", "cpe:/a:php:php:5.4.7", "cpe:/a:php:php:5.4.9", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:php:php:5.2.13", "cpe:/a:php:php:5.1.1", "cpe:/a:php:php:5.3.27", "cpe:/a:php:php:5.4.16", "cpe:/a:php:php:5.3.15", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.2.2", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:php:php:5.3.12", "cpe:/a:php:php:5.3.7", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/a:php:php:5.4.15", "cpe:/a:php:php:5.4.13", "cpe:/a:php:php:5.4.10", "cpe:/a:php:php:5.2.17", "cpe:/a:php:php:5.0.5", "cpe:/a:php:php:5.4.2", "cpe:/a:php:php:5.3.14", "cpe:/a:php:php:5.3.18", "cpe:/a:php:php:5.3.2", "cpe:/a:php:php:5.4.6", "cpe:/a:php:php:5.0.3", "cpe:/a:php:php:5.2.7", "cpe:/a:php:php:5.1.2", "cpe:/a:php:php:5.3.16", "cpe:/a:php:php:5.3.3", "cpe:/a:php:php:5.0.0", "cpe:/a:php:php:5.2.14", "cpe:/a:php:php:5.4.3", "cpe:/a:php:php:5.3.24", "cpe:/a:php:php:5.4.14", "cpe:/a:php:php:5.2.16"], "id": "CVE-2013-4248", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4248", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.27:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:44", "description": "ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.", "edition": 5, "cvss3": {}, "published": "2013-07-13T13:10:00", "title": "CVE-2013-4113", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4113"], "modified": "2014-03-06T04:47:00", "cpe": ["cpe:/a:php:php:5.3.13", "cpe:/a:php:php:5.3.4", "cpe:/a:php:php:5.3.25", "cpe:/a:php:php:5.3.21", "cpe:/a:php:php:5.3.8", "cpe:/a:php:php:5.3.22", "cpe:/a:php:php:5.3.9", "cpe:/a:php:php:5.3.6", "cpe:/a:php:php:5.3.19", "cpe:/a:php:php:5.3.10", "cpe:/a:php:php:5.3.5", "cpe:/a:php:php:5.3.1", "cpe:/a:php:php:5.3.23", "cpe:/a:php:php:5.3.20", "cpe:/a:php:php:5.3.0", "cpe:/a:php:php:5.3.26", "cpe:/a:php:php:5.3.17", "cpe:/a:php:php:5.3.11", "cpe:/a:php:php:5.3.15", "cpe:/a:php:php:5.3.12", "cpe:/a:php:php:5.3.7", "cpe:/a:php:php:5.3.14", "cpe:/a:php:php:5.3.18", "cpe:/a:php:php:5.3.2", "cpe:/a:php:php:5.3.16", "cpe:/a:php:php:5.3.3", "cpe:/a:php:php:5.3.24"], "id": "CVE-2013-4113", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4113", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420", "CVE-2014-0185", "CVE-2014-8142"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-12-29T09:58:37", "published": "2014-12-29T09:58:37", "id": "FEDORA:DFC2660C9809", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.20-2.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420", "CVE-2014-0185", "CVE-2014-3670"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-10-28T06:35:04", "published": "2014-10-28T06:35:04", "id": "FEDORA:3079E60D68D9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.18-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2013-12-13T05:03:19", "published": "2013-12-13T05:03:19", "id": "FEDORA:6DCF422CB0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.7-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420", "CVE-2014-0185", "CVE-2014-0237", "CVE-2014-0238"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-06-17T23:36:22", "published": "2014-06-17T23:36:22", "id": "FEDORA:89C0D20C62", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.13-3.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420", "CVE-2013-7345"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-04-15T15:45:54", "published": "2014-04-15T15:45:54", "id": "FEDORA:82E2722436", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.11-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2013-08-24T00:05:41", "published": "2013-08-24T00:05:41", "id": "FEDORA:220C522107", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.3-1.fc19", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420", "CVE-2014-1943", "CVE-2014-2270"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-03-15T15:00:56", "published": "2014-03-15T15:00:56", "id": "FEDORA:574FF21305", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.10-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2012-1571", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420", "CVE-2014-0185", "CVE-2014-2497", "CVE-2014-3587", "CVE-2014-3597", "CVE-2014-5120"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-09-02T06:47:45", "published": "2014-09-02T06:47:45", "id": "FEDORA:3BAB62184E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: php-5.5.16-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6420", "CVE-2014-0185"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "modified": "2014-05-06T03:27:27", "published": "2014-05-06T03:27:27", "id": "FEDORA:92E93228C5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: php-5.5.12-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1635", "CVE-2013-1643", "CVE-2013-4113", "CVE-2013-4248", "CVE-2013-6420"], "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module which adds support for the PHP language to Apache HTTP Server. ", "modified": "2013-12-20T02:04:53", "published": "2013-12-20T02:04:53", "id": "FEDORA:D71912448B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: php-5.4.23-1.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2016-09-26T17:22:50", "bulletinFamily": "software", "cvelist": ["CVE-2011-4718"], "edition": 1, "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n", "modified": "2014-01-16T00:00:00", "published": "2014-01-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14930.html", "id": "SOL14930", "title": "SOL14930 - PHP vulnerability CVE-2011-4718", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:03", "bulletinFamily": "software", "cvelist": ["CVE-2013-6420"], "edition": 1, "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2014-05-22T00:00:00", "published": "2014-03-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15110.html", "id": "SOL15110", "title": "SOL15110 - PHP Vulnerability CVE-2013-6420", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:12", "bulletinFamily": "software", "cvelist": ["CVE-2014-0185"], "edition": 1, "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-06-05T00:00:00", "published": "2014-06-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15322.html", "id": "SOL15322", "title": "SOL15322 - PHP vulnerability CVE-2014-0185", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:22:55", "bulletinFamily": "software", "cvelist": ["CVE-2013-4113"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should expose the Configuration utility only on trusted networks and limit login access to trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10322: FirePass hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n", "modified": "2015-05-14T00:00:00", "published": "2014-04-14T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15169.html", "id": "SOL15169", "title": "SOL15169 - PHP vulnerability CVE-2013-4113", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:37", "bulletinFamily": "software", "cvelist": ["CVE-2013-4248", "CVE-2009-2408"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "modified": "2014-01-15T00:00:00", "published": "2014-01-15T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14909.html", "id": "SOL14909", "title": "SOL14909 - OpenSSL vulnerability CVE-2013-4248", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T04:54:33", "description": "According to its banner, the version of PHP 5.5.x installed on the\nremote host is a version prior to 5.5.3. It is, therefore,\npotentially affected by the following vulnerabilities : \n\n - An error exists related to the 'Sessions' subsystem\n that can allow an attacker to hijack the session of\n another user. (CVE-2011-4718 / Bug #60491)\n\n - An error exists related to certificate validation, the\n 'subjectAltName' field and certificates containing NULL\n bytes. This error can allow spoofing attacks.\n (CVE-2013-4248)\n\nNote that this plugin does not attempt to exploit these\nvulnerabilities, but instead relies only on PHP's self-reported\nversion number.", "edition": 24, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2013-08-21T00:00:00", "title": "PHP 5.5.x < 5.5.3 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4718", "CVE-2013-4248"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/69402", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69402);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/03/27 13:17:50\");\n\n script_cve_id(\"CVE-2011-4718\", \"CVE-2013-4248\");\n script_bugtraq_id(61776, 61929);\n\n script_name(english:\"PHP 5.5.x < 5.5.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is potentially\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP 5.5.x installed on the\nremote host is a version prior to 5.5.3. It is, therefore,\npotentially affected by the following vulnerabilities : \n\n - An error exists related to the 'Sessions' subsystem\n that can allow an attacker to hijack the session of\n another user. (CVE-2011-4718 / Bug #60491)\n\n - An error exists related to certificate validation, the\n 'subjectAltName' field and certificates containing NULL\n bytes. This error can allow spoofing attacks.\n (CVE-2013-4248)\n\nNote that this plugin does not attempt to exploit these\nvulnerabilities, but instead relies only on PHP's self-reported\nversion number.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=60491\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.5.3\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/releases/5_5_3.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.3 or later.\n\nNote the 5.5.2 release contains an uninitialized memory read bug and\na compile error that prevent proper operation.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4718\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") exit(1, \"The banner from the PHP install associated with port \"+port+\" - \"+version+\" - is not granular enough to make a determination.\");\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.[012]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.5.3\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:11:00", "description": "Version 5.5.3, 22 Aug 2013\n\nOpenssl: + Fixed UMR in fix for CVE-2013-4248.\n\nVersion 5.5.2, 15-Aug-2013\n\nCore :\n\n - Fixed bug #65372 (Segfault in gc_zval_possible_root when\n return reference fails).\n\n - Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS\n constant (previously was erroneously set to\n FILTER_SANITIZE_SPECIAL_CHARS value).\n\n - Fixed bug #65304 (Use of max int in array_sum).\n\n - Fixed bug #65291 (get_defined_constants() causes PHP\n to crash in a very limited case).\n\n - Fixed bug #62691 (solaris sed has no -i switch).\n\n - Fixed bug #61345 (CGI mode - make install don't work).\n\n - Fixed bug #61268 (--enable-dtrace leads make to\n clobber Zend/zend_dtrace.d).\n\nDOM :\n\n - Added flags option to DOMDocument::schemaValidate() and\n DOMDocument::schemaValidateSource(). Added\n LIBXML_SCHEMA_CREATE flag.\n\nOPcache :\n\n - Added opcache.restrict_api configuration directive that\n may limit usage of OPcahce API functions only to\n patricular script(s).\n\n - Added support for glob symbols in blacklist entries\n (?, *, **).\n\n - Fixed bug #65338 (Enabling both php_opcache and\n php_wincache AVs on shutdown).\n\nOpenssl :\n\n - Fixed handling null bytes in subjectAltName\n (CVE-2013-4248).\n\nPDO_mysql :\n\n - Fixed bug #65299 (pdo mysql parsing errors).\n\nPhar :\n\n - Fixed bug #65028 (Phar::buildFromDirectory creates\n corrupt archives for some specific contents).\n\nPgsql :\n\n - Fixed bug #62978 (Disallow possible SQL injections with\n pg_select()/pg_update() /pg_delete()/pg_insert()).\n\n - Fixed bug #65336 (pg_escape_literal/identifier()\n silently returns false).\n\nSessions :\n\n - Implemented strict sessions RFC\n (https://wiki.php.net/rfc/strict_sessions) which\n protects against session fixation attacks and session\n collisions (CVE-2011-4718).\n\n - Fixed possible buffer overflow under Windows. Note:\n Not a security fix.\n\n - Changed session.auto_start to PHP_INI_PERDIR.\n\nSOAP :\n\n - Fixed bug #65018 (SoapHeader problems with SoapServer).\n\nSPL :\n\n - Fixed bug #65328 (Segfault when getting SplStack object\n Value).\n\n - Added RecursiveTreeIterator setPostfix and getPostifx\n methods.\n\n - Fixed bug #61697 (spl_autoload_functions returns\n lambda functions incorrectly).\n\nStreams :\n\n - Fixed bug #65268 (select() implementation uses outdated\n tick API).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2013-08-25T00:00:00", "title": "Fedora 19 : php-5.5.3-1.fc19 (2013-14998)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4718", "CVE-2013-4248"], "modified": "2013-08-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:php"], "id": "FEDORA_2013-14998.NASL", "href": "https://www.tenable.com/plugins/nessus/69462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14998.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69462);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4718\", \"CVE-2013-4248\");\n script_bugtraq_id(61776, 61929);\n script_xref(name:\"FEDORA\", value:\"2013-14998\");\n\n script_name(english:\"Fedora 19 : php-5.5.3-1.fc19 (2013-14998)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Version 5.5.3, 22 Aug 2013\n\nOpenssl: + Fixed UMR in fix for CVE-2013-4248.\n\nVersion 5.5.2, 15-Aug-2013\n\nCore :\n\n - Fixed bug #65372 (Segfault in gc_zval_possible_root when\n return reference fails).\n\n - Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS\n constant (previously was erroneously set to\n FILTER_SANITIZE_SPECIAL_CHARS value).\n\n - Fixed bug #65304 (Use of max int in array_sum).\n\n - Fixed bug #65291 (get_defined_constants() causes PHP\n to crash in a very limited case).\n\n - Fixed bug #62691 (solaris sed has no -i switch).\n\n - Fixed bug #61345 (CGI mode - make install don't work).\n\n - Fixed bug #61268 (--enable-dtrace leads make to\n clobber Zend/zend_dtrace.d).\n\nDOM :\n\n - Added flags option to DOMDocument::schemaValidate() and\n DOMDocument::schemaValidateSource(). Added\n LIBXML_SCHEMA_CREATE flag.\n\nOPcache :\n\n - Added opcache.restrict_api configuration directive that\n may limit usage of OPcahce API functions only to\n patricular script(s).\n\n - Added support for glob symbols in blacklist entries\n (?, *, **).\n\n - Fixed bug #65338 (Enabling both php_opcache and\n php_wincache AVs on shutdown).\n\nOpenssl :\n\n - Fixed handling null bytes in subjectAltName\n (CVE-2013-4248).\n\nPDO_mysql :\n\n - Fixed bug #65299 (pdo mysql parsing errors).\n\nPhar :\n\n - Fixed bug #65028 (Phar::buildFromDirectory creates\n corrupt archives for some specific contents).\n\nPgsql :\n\n - Fixed bug #62978 (Disallow possible SQL injections with\n pg_select()/pg_update() /pg_delete()/pg_insert()).\n\n - Fixed bug #65336 (pg_escape_literal/identifier()\n silently returns false).\n\nSessions :\n\n - Implemented strict sessions RFC\n (https://wiki.php.net/rfc/strict_sessions) which\n protects against session fixation attacks and session\n collisions (CVE-2011-4718).\n\n - Fixed possible buffer overflow under Windows. Note:\n Not a security fix.\n\n - Changed session.auto_start to PHP_INI_PERDIR.\n\nSOAP :\n\n - Fixed bug #65018 (SoapHeader problems with SoapServer).\n\nSPL :\n\n - Fixed bug #65328 (Segfault when getting SplStack object\n Value).\n\n - Added RecursiveTreeIterator setPostfix and getPostifx\n methods.\n\n - Fixed bug #61697 (spl_autoload_functions returns\n lambda functions incorrectly).\n\nStreams :\n\n - Fixed bug #65268 (select() implementation uses outdated\n tick API).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=996774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=997097\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114648.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cad3df9a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.php.net/rfc/strict_sessions\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"php-5.5.3-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:54:28", "description": "According to its banner, the version of PHP 5.4.x installed on the\nremote host is a version prior to 5.4.19. It is, therefore,\npotentially affected by the following vulnerabilities :\n\n - A heap corruption error exists in numerous functions\n in the file 'ext/xml/xml.c'. (CVE-2013-4113 / \n Bug #65236)\n\n - An error exists related to certificate validation, the\n 'subjectAltName' field and certificates containing NULL\n bytes. This error can allow spoofing attacks.\n (CVE-2013-4248)\n\nNote that this plugin does not attempt to exploit these \nvulnerabilities, but instead relies only on PHP's self-reported\nversion number.", "edition": 27, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2013-08-21T00:00:00", "title": "PHP 5.4.x < 5.4.19 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4113", "CVE-2013-4248"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_18.NASL", "href": "https://www.tenable.com/plugins/nessus/69401", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69401);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/03/27 13:17:50\");\n\n script_cve_id(\"CVE-2013-4113\", \"CVE-2013-4248\");\n script_bugtraq_id(61128, 61776);\n\n script_name(english:\"PHP 5.4.x < 5.4.19 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server uses a version of PHP that is potentially\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the version of PHP 5.4.x installed on the\nremote host is a version prior to 5.4.19. It is, therefore,\npotentially affected by the following vulnerabilities :\n\n - A heap corruption error exists in numerous functions\n in the file 'ext/xml/xml.c'. (CVE-2013-4113 / \n Bug #65236)\n\n - An error exists related to certificate validation, the\n 'subjectAltName' field and certificates containing NULL\n bytes. This error can allow spoofing attacks.\n (CVE-2013-4248)\n\nNote that this plugin does not attempt to exploit these \nvulnerabilities, but instead relies only on PHP's self-reported\nversion number.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=65236\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.4.18\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.19 or later.\n\nNote the 5.4.18 release contains an uninitialized memory read bug and\na compile error that prevent proper operation.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4113\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") exit(1, \"The banner from the PHP install associated with port \"+port+\" - \"+version+\" - is not granular enough to make a determination.\");\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|1[0-8])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.4.19\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T12:28:55", "description": "This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509. (CVE-2013-6420)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)", "edition": 16, "published": "2014-01-15T00:00:00", "title": "SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420"], "modified": "2014-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:php5-mysql", "p-cpe:/a:novell:suse_linux:11:php5-bcmath", "p-cpe:/a:novell:suse_linux:11:php5-json", "p-cpe:/a:novell:suse_linux:11:php5-zlib", "p-cpe:/a:novell:suse_linux:11:php5-dbase", "p-cpe:/a:novell:suse_linux:11:php5-soap", "p-cpe:/a:novell:suse_linux:11:php5-pgsql", "p-cpe:/a:novell:suse_linux:11:php5-bz2", "p-cpe:/a:novell:suse_linux:11:php5-gd", "p-cpe:/a:novell:suse_linux:11:php5-suhosin", "p-cpe:/a:novell:suse_linux:11:php5-mcrypt", "p-cpe:/a:novell:suse_linux:11:php5-dom", "p-cpe:/a:novell:suse_linux:11:php5-sysvshm", "p-cpe:/a:novell:suse_linux:11:php5-gmp", "p-cpe:/a:novell:suse_linux:11:php5-pdo", "p-cpe:/a:novell:suse_linux:11:php5-fastcgi", "p-cpe:/a:novell:suse_linux:11:php5-ldap", "p-cpe:/a:novell:suse_linux:11:php5-mbstring", "p-cpe:/a:novell:suse_linux:11:php5-odbc", "p-cpe:/a:novell:suse_linux:11:php5-dba", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:php5-openssl", "p-cpe:/a:novell:suse_linux:11:php5-tokenizer", "p-cpe:/a:novell:suse_linux:11:php5-pspell", "p-cpe:/a:novell:suse_linux:11:php5-zip", "p-cpe:/a:novell:suse_linux:11:php5-gettext", "p-cpe:/a:novell:suse_linux:11:php5-ctype", "p-cpe:/a:novell:suse_linux:11:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php5", "p-cpe:/a:novell:suse_linux:11:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:11:php5-snmp", "p-cpe:/a:novell:suse_linux:11:php5-wddx", "p-cpe:/a:novell:suse_linux:11:php5-pcntl", "p-cpe:/a:novell:suse_linux:11:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:11:php5-hash", "p-cpe:/a:novell:suse_linux:11:php5-exif", "p-cpe:/a:novell:suse_linux:11:php5-sysvsem", "p-cpe:/a:novell:suse_linux:11:php5-pear", "p-cpe:/a:novell:suse_linux:11:php5-calendar", "p-cpe:/a:novell:suse_linux:11:php5-xsl", "p-cpe:/a:novell:suse_linux:11:php5-curl", "p-cpe:/a:novell:suse_linux:11:php5-xmlreader", "p-cpe:/a:novell:suse_linux:11:php5-shmop", "p-cpe:/a:novell:suse_linux:11:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php5-iconv", "p-cpe:/a:novell:suse_linux:11:php5-ftp"], "id": "SUSE_11_APACHE2-MOD_PHP5-131220.NASL", "href": "https://www.tenable.com/plugins/nessus/71964", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71964);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\");\n\n script_name(english:\"SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509. (CVE-2013-6420)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6420.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8710.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-mod_php5-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-bcmath-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-bz2-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-calendar-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-ctype-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-curl-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-dba-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-dbase-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-dom-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-exif-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-fastcgi-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-ftp-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-gd-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-gettext-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-gmp-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-hash-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-iconv-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-json-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-ldap-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-mbstring-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-mcrypt-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-mysql-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-odbc-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-openssl-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-pcntl-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-pdo-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-pear-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-pgsql-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-pspell-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-shmop-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-snmp-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-soap-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-suhosin-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-sysvmsg-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-sysvsem-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-sysvshm-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-tokenizer-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-wddx-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-xmlreader-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-xmlrpc-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-xmlwriter-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-xsl-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-zip-5.2.14-0.7.30.50.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php5-zlib-5.2.14-0.7.30.50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:33", "description": "Session fixation vulnerability in the Sessions subsystem in PHP before\n5.5.2 allows remote attackers to hijack web sessions by specifying a\nsession ID.\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in\nPHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\n'\\0' character in a domain name in the Subject Alternative Name field\nof an X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408 .", "edition": 24, "published": "2013-10-01T00:00:00", "title": "Amazon Linux AMI : php54 (ALAS-2013-224)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4718", "CVE-2013-4248", "CVE-2009-2408"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php54-process", "p-cpe:/a:amazon:linux:php54-dba", "p-cpe:/a:amazon:linux:php54-xml", "p-cpe:/a:amazon:linux:php54-cli", "p-cpe:/a:amazon:linux:php54-mysql", "p-cpe:/a:amazon:linux:php54-mssql", "p-cpe:/a:amazon:linux:php54-soap", "p-cpe:/a:amazon:linux:php54", "p-cpe:/a:amazon:linux:php54-fpm", "p-cpe:/a:amazon:linux:php54-intl", "p-cpe:/a:amazon:linux:php54-gd", "p-cpe:/a:amazon:linux:php54-snmp", "p-cpe:/a:amazon:linux:php54-mysqlnd", "p-cpe:/a:amazon:linux:php54-recode", "p-cpe:/a:amazon:linux:php54-mbstring", "p-cpe:/a:amazon:linux:php54-odbc", "p-cpe:/a:amazon:linux:php54-bcmath", "p-cpe:/a:amazon:linux:php54-ldap", "p-cpe:/a:amazon:linux:php54-pspell", "p-cpe:/a:amazon:linux:php54-imap", "p-cpe:/a:amazon:linux:php54-pdo", "p-cpe:/a:amazon:linux:php54-pgsql", "p-cpe:/a:amazon:linux:php54-tidy", "p-cpe:/a:amazon:linux:php54-mcrypt", "p-cpe:/a:amazon:linux:php54-embedded", "p-cpe:/a:amazon:linux:php54-debuginfo", "p-cpe:/a:amazon:linux:php54-xmlrpc", "p-cpe:/a:amazon:linux:php54-devel", "p-cpe:/a:amazon:linux:php54-enchant", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:php54-common"], "id": "ALA_ALAS-2013-224.NASL", "href": "https://www.tenable.com/plugins/nessus/70228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-224.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70228);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2011-4718\", \"CVE-2013-4248\");\n script_xref(name:\"ALAS\", value:\"2013-224\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2013-224)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Session fixation vulnerability in the Sessions subsystem in PHP before\n5.5.2 allows remote attackers to hijack web sessions by specifying a\nsession ID.\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in\nPHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\n'\\0' character in a domain name in the Subject Alternative Name field\nof an X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-224.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-debuginfo-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-ldap-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xml-5.4.19-1.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.19-1.42.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T12:29:26", "description": "This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509 (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval (CVE-2013-6712)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-bz2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:php53-zlib", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-exif"], "id": "SUSE_SU-2014-0064-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83607", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0064-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83607);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(61776, 64018, 64225);\n\n script_name(english:\"SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509 (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval (CVE-2013-6712)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=8819817181dd7026cfe3ff43214688c6\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ebe2dd9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6712.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/854880\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140064-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f0c918a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP2 :\n\nzypper in -t patch sdksp2-apache2-mod_php53-8683\n\nSUSE Linux Enterprise Server 11 SP2 for VMware :\n\nzypper in -t patch slessp2-apache2-mod_php53-8683\n\nSUSE Linux Enterprise Server 11 SP2 :\n\nzypper in -t patch slessp2-apache2-mod_php53-8683\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^2$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bcmath-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bz2-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-calendar-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ctype-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-curl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dba-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dom-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-exif-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fastcgi-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fileinfo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ftp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gd-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gettext-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-iconv-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-intl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-json-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ldap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mbstring-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mcrypt-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mysql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-odbc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-openssl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pcntl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pdo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pear-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pgsql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pspell-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-shmop-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-snmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-soap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-suhosin-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvmsg-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvsem-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvshm-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-tokenizer-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-wddx-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlreader-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlrpc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlwriter-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xsl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zip-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zlib-5.3.8-0.43.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T12:28:55", "description": "This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509. (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval. (CVE-2013-6712)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)", "edition": 16, "published": "2014-01-15T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2014-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:php53-fileinfo", "p-cpe:/a:novell:suse_linux:11:php53-ftp", "p-cpe:/a:novell:suse_linux:11:php53-mysql", "p-cpe:/a:novell:suse_linux:11:php53-calendar", "p-cpe:/a:novell:suse_linux:11:php53-curl", "p-cpe:/a:novell:suse_linux:11:php53-zlib", "p-cpe:/a:novell:suse_linux:11:php53-soap", "p-cpe:/a:novell:suse_linux:11:php53-sysvshm", "p-cpe:/a:novell:suse_linux:11:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:11:php53-bz2", "p-cpe:/a:novell:suse_linux:11:php53-wddx", "p-cpe:/a:novell:suse_linux:11:php53-suhosin", "p-cpe:/a:novell:suse_linux:11:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:11:php53-odbc", "p-cpe:/a:novell:suse_linux:11:php53-ldap", "p-cpe:/a:novell:suse_linux:11:php53-gd", "p-cpe:/a:novell:suse_linux:11:php53-xsl", "p-cpe:/a:novell:suse_linux:11:php53-ctype", "p-cpe:/a:novell:suse_linux:11:php53-pear", "p-cpe:/a:novell:suse_linux:11:php53-bcmath", "p-cpe:/a:novell:suse_linux:11:php53-pcntl", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:php53-dom", "p-cpe:/a:novell:suse_linux:11:php53-openssl", "p-cpe:/a:novell:suse_linux:11:php53-mbstring", "p-cpe:/a:novell:suse_linux:11:php53-intl", "p-cpe:/a:novell:suse_linux:11:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:11:php53-sysvsem", "p-cpe:/a:novell:suse_linux:11:php53-iconv", "p-cpe:/a:novell:suse_linux:11:php53-pspell", "p-cpe:/a:novell:suse_linux:11:php53-exif", "p-cpe:/a:novell:suse_linux:11:php53-pdo", "p-cpe:/a:novell:suse_linux:11:php53-tokenizer", "p-cpe:/a:novell:suse_linux:11:php53-zip", "p-cpe:/a:novell:suse_linux:11:php53-dba", "p-cpe:/a:novell:suse_linux:11:php53-fastcgi", "p-cpe:/a:novell:suse_linux:11:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:11:php53-pgsql", "p-cpe:/a:novell:suse_linux:11:php53-xmlreader", "p-cpe:/a:novell:suse_linux:11:php53-gmp", "p-cpe:/a:novell:suse_linux:11:php53-mcrypt", "p-cpe:/a:novell:suse_linux:11:php53", "p-cpe:/a:novell:suse_linux:11:php53-json", "p-cpe:/a:novell:suse_linux:11:php53-shmop", "p-cpe:/a:novell:suse_linux:11:php53-gettext", "p-cpe:/a:novell:suse_linux:11:php53-snmp"], "id": "SUSE_11_APACHE2-MOD_PHP53-131218.NASL", "href": "https://www.tenable.com/plugins/nessus/71965", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71965);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following issues :\n\n - memory corruption in openssl_parse_x509. (CVE-2013-6420)\n\n - Heap buffer over-read in DateInterval. (CVE-2013-6712)\n\n - man-in-the-middle attacks by specially crafting\n certificates (CVE-2013-4248)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=842676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4248.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6712.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8683 / 8684 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"apache2-mod_php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-bcmath-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-bz2-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-calendar-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ctype-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-curl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-dba-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-dom-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-exif-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-fastcgi-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-fileinfo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ftp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gd-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gettext-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-gmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-iconv-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-intl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-json-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-ldap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mbstring-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mcrypt-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-mysql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-odbc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-openssl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pcntl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pdo-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pear-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pgsql-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-pspell-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-shmop-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-snmp-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-soap-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-suhosin-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvmsg-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvsem-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-sysvshm-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-tokenizer-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-wddx-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlreader-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlrpc-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xmlwriter-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-xsl-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-zip-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"php53-zlib-5.3.8-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"apache2-mod_php53-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-bcmath-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-bz2-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-calendar-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-ctype-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-curl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-dba-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-dom-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-exif-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-fastcgi-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-fileinfo-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-ftp-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-gd-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-gettext-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-gmp-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-iconv-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-intl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-json-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-ldap-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-mbstring-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-mcrypt-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-mysql-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-odbc-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-openssl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pcntl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pdo-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pear-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pgsql-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-pspell-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-shmop-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-snmp-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-soap-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-suhosin-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-sysvmsg-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-sysvsem-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-sysvshm-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-tokenizer-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-wddx-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xmlreader-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xmlrpc-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xmlwriter-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-xsl-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-zip-5.3.17-0.17.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"php53-zlib-5.3.17-0.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:12:07", "description": " - security update\n\n - CVE-2013-6420.patch [bnc#854880]\n\n - CVE-2013-6712.patch [bnc#853045]\n\n - CVE-2013-4248.patch [bnc#837746]", "edition": 16, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-dom", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-xmlwriter", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-ldap"], "id": "OPENSUSE-2013-1032.NASL", "href": "https://www.tenable.com/plugins/nessus/74876", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-1032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74876);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(61776, 64018, 64225);\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1)\");\n script_summary(english:\"Check for the openSUSE-2013-1032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - security update\n\n - CVE-2013-6420.patch [bnc#854880]\n\n - CVE-2013-6712.patch [bnc#853045]\n\n - CVE-2013-4248.patch [bnc#837746]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=837746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"apache2-mod_php5-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"apache2-mod_php5-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bcmath-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bcmath-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bz2-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-bz2-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-calendar-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-calendar-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ctype-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ctype-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-curl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-curl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dba-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dba-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-debugsource-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-devel-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dom-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-dom-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-enchant-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-enchant-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-exif-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-exif-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fastcgi-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fastcgi-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fileinfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fileinfo-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fpm-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-fpm-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ftp-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ftp-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gd-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gd-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gettext-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gettext-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gmp-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-gmp-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-iconv-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-iconv-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-imap-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-imap-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-intl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-intl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-json-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-json-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ldap-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-ldap-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mbstring-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mbstring-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mcrypt-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mcrypt-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mssql-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mssql-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mysql-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-mysql-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-odbc-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-odbc-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-openssl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-openssl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pcntl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pcntl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pdo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pdo-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pear-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pgsql-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pgsql-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-phar-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-phar-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-posix-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-posix-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pspell-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-pspell-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-readline-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-readline-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-shmop-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-shmop-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-snmp-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-snmp-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-soap-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-soap-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sockets-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sockets-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sqlite-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sqlite-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-suhosin-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-suhosin-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvmsg-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvmsg-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvsem-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvsem-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvshm-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-sysvshm-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tidy-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tidy-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tokenizer-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-tokenizer-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-wddx-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-wddx-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlreader-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlreader-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlrpc-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlrpc-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlwriter-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xmlwriter-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xsl-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-xsl-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zip-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zip-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zlib-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"php5-zlib-debuginfo-5.3.15-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_php5-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_php5-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bcmath-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bcmath-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bz2-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-bz2-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-calendar-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-calendar-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ctype-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ctype-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-curl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-curl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dba-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dba-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-debugsource-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-devel-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dom-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-dom-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-enchant-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-enchant-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-exif-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-exif-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fastcgi-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fastcgi-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fileinfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fileinfo-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fpm-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-fpm-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ftp-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ftp-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gd-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gd-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gettext-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gettext-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gmp-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-gmp-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-iconv-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-iconv-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-imap-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-imap-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-intl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-intl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-json-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-json-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ldap-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-ldap-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mbstring-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mbstring-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mcrypt-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mcrypt-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mssql-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mssql-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mysql-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-mysql-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-odbc-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-odbc-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-openssl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-openssl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pcntl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pcntl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pdo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pdo-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pear-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pgsql-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pgsql-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-phar-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-phar-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-posix-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-posix-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pspell-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-pspell-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-readline-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-readline-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-shmop-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-shmop-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-snmp-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-snmp-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-soap-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-soap-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sockets-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sockets-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sqlite-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sqlite-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-suhosin-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-suhosin-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvmsg-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvmsg-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvsem-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvsem-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvshm-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-sysvshm-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tidy-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tidy-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tokenizer-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-tokenizer-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-wddx-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-wddx-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlreader-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlreader-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlrpc-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlrpc-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlwriter-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xmlwriter-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xsl-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-xsl-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-zip-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-zip-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-zlib-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"php5-zlib-debuginfo-5.3.17-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:54:26", "description": "According to its banner, the version of PHP installed on the remote\nhost is 5.3.x prior to 5.3.28. It is, therefore, potentially affected\nby the following vulnerabilities :\n\n - A flaw exists in the PHP OpenSSL extension's hostname\n identity check when handling certificates that contain\n hostnames with NULL bytes. An attacker could potentially\n exploit this flaw to conduct man-in-the-middle attacks\n to spoof SSL servers. Note that to exploit this issue,\n an attacker would need to obtain a carefully-crafted\n certificate signed by an authority that the client\n trusts. (CVE-2013-4073, CVE-2013-4248) \n\n - A memory corruption flaw exists in the way the\n openssl_x509_parse() function of the PHP OpenSSL\n extension parsed X.509 certificates. A remote attacker\n could use this flaw to provide a malicious, self-signed\n certificate or a certificate signed by a trusted\n authority to a PHP application using the aforementioned\n function. This could cause the application to crash or\n possibly allow the attacker to execute arbitrary code\n with the privileges of the user running the PHP\n interpreter. (CVE-2013-6420)\n\nNote that this plugin does not attempt to exploit these vulnerabilities,\nbut instead relies only on PHP's self-reported version number.", "edition": 29, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2013-12-14T00:00:00", "title": "PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2013-6420", "CVE-2013-4073"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_3_28.NASL", "href": "https://www.tenable.com/plugins/nessus/71426", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71426);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2013-4073\", \"CVE-2013-4248\", \"CVE-2013-6420\");\n script_bugtraq_id(60843, 61776, 64225);\n script_xref(name:\"EDB-ID\", value:\"30395\");\n\n script_name(english:\"PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks version of PHP\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP installed on the remote\nhost is 5.3.x prior to 5.3.28. It is, therefore, potentially affected\nby the following vulnerabilities :\n\n - A flaw exists in the PHP OpenSSL extension's hostname\n identity check when handling certificates that contain\n hostnames with NULL bytes. An attacker could potentially\n exploit this flaw to conduct man-in-the-middle attacks\n to spoof SSL servers. Note that to exploit this issue,\n an attacker would need to obtain a carefully-crafted\n certificate signed by an authority that the client\n trusts. (CVE-2013-4073, CVE-2013-4248) \n\n - A memory corruption flaw exists in the way the\n openssl_x509_parse() function of the PHP OpenSSL\n extension parsed X.509 certificates. A remote attacker\n could use this flaw to provide a malicious, self-signed\n certificate or a certificate signed by a trusted\n authority to a PHP application using the aforementioned\n function. This could cause the application to crash or\n possibly allow the attacker to execute arbitrary code\n with the privileges of the user running the PHP\n interpreter. (CVE-2013-6420)\n\nNote that this plugin does not attempt to exploit these vulnerabilities,\nbut instead relies only on PHP's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2013/Dec/96\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1036830\");\n # http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6ec9ef9\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-5.php#5.3.28\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.3.28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6420\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.3)?$\") exit(1, \"The banner from the PHP install associated with port \"+port+\" - \"+version+\" - is not granular enough to make a determination.\");\nif (version !~ \"^5\\.3\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.3.x\", port);\n\nif (version =~ \"^5\\.3\\.([0-9]|[1][0-9]|2[0-7])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version+\n '\\n Fixed version : 5.3.28\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:29", "description": "Multiple vulnerabilities has been discovered and corrected in php :\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in\nPHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\n'\\0' character in a domain name in the Subject Alternative Name field\nof an X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408\n(CVE-2013-4248).\n\nThe asn1_time_to_time_t function in ext/openssl/openssl.c in PHP\nbefore 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not\nproperly parse (1) notBefore and (2) notAfter timestamps in X.509\ncertificates, which allows remote attackers to execute arbitrary code\nor cause a denial of service (memory corruption) via a crafted\ncertificate that is not properly handled by the openssl_x509_parse\nfunction (CVE-2013-6420).\n\nThe scan function in ext/date/lib/parse_iso_intervals.c in PHP through\n5.5.6 does not properly restrict creation of DateInterval objects,\nwhich might allow remote attackers to cause a denial of service\n(heap-based buffer over-read) via a crafted interval specification\n(CVE-2013-6712).\n\nThe updated php packages have been upgraded to the 5.5.8 version which\nis not vulnerable to these issues.\n\nAdditionally, the PECL packages which requires so has been rebuilt for\nphp-5.5.8 and some has been upgraded to their latest versions.", "edition": 25, "published": "2014-01-22T00:00:00", "title": "Mandriva Linux Security Advisory : php (MDVSA-2014:014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4248", "CVE-2009-2408", "CVE-2013-6420", "CVE-2013-6712"], "modified": "2014-01-22T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-tdb", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-pdo", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:php-yp", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-svn", "p-cpe:/a:mandriva:linux:php-filepro", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-rrdtool", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-id3", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-cairo", "p-cpe:/a:mandriva:linux:php-zlib", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-courierauth", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-xslcache", "p-cpe:/a:mandriva:linux:lib64mbfl1", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-geoip", "p-cpe:/a:mandriva:linux:php-oggvorbis", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-apc", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-sasl", "p-cpe:/a:mandriva:linux:php-event", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-opcache", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-fam", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-doublemetaphone", "p-cpe:/a:mandriva:linux:php-dav", "p-cpe:/a:mandriva:linux:php-gtk2", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-dbase", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-htscanner", "p-cpe:/a:mandriva:linux:php-memcached", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-xmlrpc", "p-cpe:/a:mandriva:linux:php-amf", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-tcpwrap", "p-cpe:/a:mandriva:linux:lib64json2", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-ssh2", "p-cpe:/a:mandriva:linux:lib64mbfl-devel", "p-cpe:/a:mandriva:linux:php-syck", "p-cpe:/a:mandriva:linux:php-gnutls", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-apm", "p-cpe:/a:mandriva:linux:php-imagick", "p-cpe:/a:mandriva:linux:php-sqlite", "p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-newt", "p-cpe:/a:mandriva:linux:php-bitset", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-expect", "p-cpe:/a:mandriva:linux:php-gender", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-bloomy", "p-cpe:/a:mandriva:linux:php-xdiff", "p-cpe:/a:mandriva:linux:php-uuid", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-libevent", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-braille", "p-cpe:/a:mandriva:linux:php-archive", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-inotify", "p-cpe:/a:mandriva:linux:php-yaml", "p-cpe:/a:mandriva:linux:php-memcache", "p-cpe:/a:mandriva:linux:php-bbcode", "p-cpe:/a:mandriva:linux:php-mnogosearch", "p-cpe:/a:mandriva:linux:php-auth_nds", "p-cpe:/a:mandriva:linux:php-mcve", "p-cpe:/a:mandriva:linux:php-wbxml", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:lib64json-devel", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-drizzle", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-apacheaccessor", "p-cpe:/a:mandriva:linux:php-cairo_wrapper", "p-cpe:/a:mandriva:linux:php-mysqlnd", "p-cpe:/a:mandriva:linux:php-haru", "p-cpe:/a:mandriva:linux:php-inclued", "p-cpe:/a:mandriva:linux:php-hidef", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-yaz", "p-cpe:/a:mandriva:linux:php-tk", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-gnupg", "p-cpe:/a:mandriva:linux:php-cyrus", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-radius", "p-cpe:/a:mandriva:linux:php-proctitle", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-dbx", "p-cpe:/a:mandriva:linux:php-apc-admin", "p-cpe:/a:mandriva:linux:php-pam", "p-cpe:/a:mandriva:linux:php-txforward", "p-cpe:/a:mandriva:linux:php-uploadprogress", "p-cpe:/a:mandriva:linux:php-bcompiler", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-mongo", "p-cpe:/a:mandriva:linux:php-swish", "p-cpe:/a:mandriva:linux:php-filter", "p-cpe:/a:mandriva:linux:php-dio", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xattr", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-suhosin", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-zip"], "id": "MANDRIVA_MDVSA-2014-014.NASL", "href": "https://www.tenable.com/plugins/nessus/72082", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:014. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72082);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4248\", \"CVE-2013-6420\", \"CVE-2013-6712\");\n script_bugtraq_id(61776, 64018, 64225);\n script_xref(name:\"MDVSA\", value:\"2014:014\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2014:014)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in php :\n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in\nPHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\n'\\0' character in a domain name in the Subject Alternative Name field\nof an X.509 certificate, which allows man-in-the-middle attackers to\nspoof arbitrary SSL servers via a crafted certificate issued by a\nlegitimate Certification Authority, a related issue to CVE-2009-2408\n(CVE-2013-4248).\n\nThe asn1_time_to_time_t function in ext/openssl/openssl.c in PHP\nbefore 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not\nproperly parse (1) notBefore and (2) notAfter timestamps in X.509\ncertificates, which allows remote attackers to execute arbitrary code\nor cause a denial of service (memory corruption) via a crafted\ncertificate that is not properly handled by the openssl_x509_parse\nfunction (CVE-2013-6420).\n\nThe scan function in ext/date/lib/parse_iso_intervals.c in PHP through\n5.5.6 does not properly restrict creation of DateInterval objects,\nwhich might allow remote attackers to cause a denial of service\n(heap-based buffer over-read) via a crafted interval specification\n(CVE-2013-6712).\n\nThe updated php packages have been upgraded to the 5.5.8 version which\nis not vulnerable to these issues.\n\nAdditionally, the PECL packages which requires so has been rebuilt for\nphp-5.5.8 and some has been upgraded to their latest versions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.5.8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64json2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mbfl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64mbfl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-amf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apacheaccessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apc-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-apm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-archive\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-auth_nds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bbcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcompiler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bitset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bloomy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-braille\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cairo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cairo_wrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-courierauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cyrus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dbx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doublemetaphone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-drizzle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-expect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filepro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gender\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-haru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hidef\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-htscanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-id3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-inclued\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-inotify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-memcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mnogosearch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-oggvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-proctitle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ssh2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-swish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-syck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tcpwrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-txforward\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-uploadprogress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-uuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wbxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xattr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xdiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xslcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-yaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-yaz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-yp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_php-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64json-devel-0.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64json2-0.11-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mbfl-devel-1.2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64mbfl1-1.2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-amf-0.9.2-10.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apacheaccessor-1.0.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apc-3.1.15-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apc-admin-3.1.15-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-apm-1.1.0-1RC2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-archive-0.2-22.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-auth_nds-2.2.6-28.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bbcode-1.0.3-0.0.b1.5.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bcmath-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bcompiler-1.0.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bitset-2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bloomy-0.1.0-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-braille-0.1.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-bz2-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cairo-0.3.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cairo_wrapper-0.2.4-12.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-calendar-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cgi-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cli-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-courierauth-0.1.0-26.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ctype-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-curl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-cyrus-1.0-30.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dav-1.2-4.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dba-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dbase-5.0.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dbx-1.1.2-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-devel-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dio-0.0.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-doc-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-dom-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-doublemetaphone-1.0.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-drizzle-0.4.2-8.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-enchant-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-event-1.8.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-exif-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-expect-0.3.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fam-5.0.1-21.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fileinfo-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-filepro-5.1.6-31.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-filter-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-fpm-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ftp-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gd-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gender-1.0.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-geoip-1.0.8-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gettext-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gmp-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gnupg-1.3.2-8.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gnutls-0.3-0.rc1.25.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-gtk2-2.0.3-0.git20130225.1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-haru-1.0.4-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-hash-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-hidef-0.1.13-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-htscanner-1.0.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-iconv-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-id3-0.2-33.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-imagick-3.1.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-imap-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-inclued-0.1.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ini-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-inotify-0.1.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-intl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-json-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ldap-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-libevent-0.1.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mbstring-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mcrypt-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mcve-7.0.3-11.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-memcache-3.0.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-memcached-2.1.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mnogosearch-1.96-35.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mongo-1.4.5-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mssql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysqli-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-newt-1.2.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-odbc-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-oggvorbis-0.2-33.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-opcache-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-openssl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pam-1.0.3-10.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pcntl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_dblib-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_mysql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_odbc-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_pgsql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pdo_sqlite-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-pgsql-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-phar-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-posix-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-proctitle-0.1.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-radius-1.2.7-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-readline-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-recode-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-rrdtool-0-35.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sasl-0.1.0-36.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-session-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-shmop-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-snmp-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-soap-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sockets-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sqlite-1.0.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sqlite3-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-ssh2-0.12-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-suhosin-0.9.33-7.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-svn-1.0.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-swish-0.5.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sybase_ct-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-syck-0.9.3-17.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvmsg-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvsem-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-sysvshm-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tcpwrap-1.1.3-18.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tdb-1.0.0-18.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tidy-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-timezonedb-2013.9-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tk-0.1.1-29.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-tokenizer-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-txforward-1.0.7-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-uploadprogress-1.0.3.1-3.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-uuid-1.0.3-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-wbxml-1.0.3-14.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-wddx-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xattr-1.2.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xdiff-1.5.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xml-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlreader-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xmlwriter-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xsl-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-xslcache-0.7.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-yaml-1.1.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-yaz-1.1.6-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-yp-5.2.3-25.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-zip-5.5.8-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-zlib-5.5.8-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:56", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4718", "CVE-2013-4248", "CVE-2009-2408"], "description": "**Issue Overview:**\n\nSession fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. \n\nThe openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to [CVE-2009-2408 __](<https://access.redhat.com/security/cve/CVE-2009-2408>). \n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n php54-devel-5.4.19-1.42.amzn1.i686 \n php54-pdo-5.4.19-1.42.amzn1.i686 \n php54-gd-5.4.19-1.42.amzn1.i686 \n php54-snmp-5.4.19-1.42.amzn1.i686 \n php54-embedded-5.4.19-1.42.amzn1.i686 \n php54-tidy-5.4.19-1.42.amzn1.i686 \n php54-mysqlnd-5.4.19-1.42.amzn1.i686 \n php54-mssql-5.4.19-1.42.amzn1.i686 \n php54-mbstring-5.4.19-1.42.amzn1.i686 \n php54-ldap-5.4.19-1.42.amzn1.i686 \n php54-dba-5.4.19-1.42.amzn1.i686 \n php54-imap-5.4.19-1.42.amzn1.i686 \n php54-xmlrpc-5.4.19-1.42.amzn1.i686 \n php54-pspell-5.4.19-1.42.amzn1.i686 \n php54-fpm-5.4.19-1.42.amzn1.i686 \n php54-common-5.4.19-1.42.amzn1.i686 \n php54-bcmath-5.4.19-1.42.amzn1.i686 \n php54-xml-5.4.19-1.42.amzn1.i686 \n php54-pgsql-5.4.19-1.42.amzn1.i686 \n php54-mysql-5.4.19-1.42.amzn1.i686 \n php54-cli-5.4.19-1.42.amzn1.i686 \n php54-odbc-5.4.19-1.42.amzn1.i686 \n php54-enchant-5.4.19-1.42.amzn1.i686 \n php54-debuginfo-5.4.19-1.42.amzn1.i686 \n php54-5.4.19-1.42.amzn1.i686 \n php54-intl-5.4.19-1.42.amzn1.i686 \n php54-recode-5.4.19-1.42.amzn1.i686 \n php54-soap-5.4.19-1.42.amzn1.i686 \n php54-process-5.4.19-1.42.amzn1.i686 \n php54-mcrypt-5.4.19-1.42.amzn1.i686 \n \n src: \n php54-5.4.19-1.42.amzn1.src \n \n x86_64: \n php54-odbc-5.4.19-1.42.amzn1.x86_64 \n php54-mysql-5.4.19-1.42.amzn1.x86_64 \n php54-debuginfo-5.4.19-1.42.amzn1.x86_64 \n php54-pgsql-5.4.19-1.42.amzn1.x86_64 \n php54-fpm-5.4.19-1.42.amzn1.x86_64 \n php54-process-5.4.19-1.42.amzn1.x86_64 \n php54-dba-5.4.19-1.42.amzn1.x86_64 \n php54-recode-5.4.19-1.42.amzn1.x86_64 \n php54-pspell-5.4.19-1.42.amzn1.x86_64 \n php54-imap-5.4.19-1.42.amzn1.x86_64 \n php54-enchant-5.4.19-1.42.amzn1.x86_64 \n php54-bcmath-5.4.19-1.42.amzn1.x86_64 \n php54-snmp-5.4.19-1.42.amzn1.x86_64 \n php54-soap-5.4.19-1.42.amzn1.x86_64 \n php54-xml-5.4.19-1.42.amzn1.x86_64 \n php54-mssql-5.4.19-1.42.amzn1.x86_64 \n php54-gd-5.4.19-1.42.amzn1.x86_64 \n php54-pdo-5.4.19-1.42.amzn1.x86_64 \n php54-embedded-5.4.19-1.42.amzn1.x86_64 \n php54-mbstring-5.4.19-1.42.amzn1.x86_64 \n php54-common-5.4.19-1.42.amzn1.x86_64 \n php54-tidy-5.4.19-1.42.amzn1.x86_64 \n php54-xmlrpc-5.4.19-1.42.amzn1.x86_64 \n php54-intl-5.4.19-1.42.amzn1.x86_64 \n php54-ldap-5.4.19-1.42.amzn1.x86_64 \n php54-5.4.19-1.42.amzn1.x86_64 \n php54-devel-5.4.19-1.42.amzn1.x86_64 \n php54-mcrypt-5.4.19-1.42.amzn1.x86_64 \n php54-cli-5.4.19-1.42.amzn1.x86_64 \n php54-mysqlnd-5.4.19-1.42.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-09-19T15:28:00", "published": "2013-09-19T15:28:00", "id": "ALAS-2013-224", "href": "https://alas.aws.amazon.com/ALAS-2013-224.html", "title": "Medium: php54", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4248", "CVE-2014-4049", "CVE-2013-6420", "CVE-2014-2497"], "description": "PHP5 has been updated to fix four security vulnerabilities:\n\n * Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)\n * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)\n * Memory corrpution in openssl_parse_x509 (CVE-2013-6420)\n * Attackers can perform man-in-the-middle attacks by specially\n crafting certificates (CVE-2013-4248)\n\n Security Issues:\n\n * CVE-2014-4049\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049</a>&gt;\n * CVE-2014-2497\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497</a>&gt;\n * CVE-2013-6420\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420</a>&gt;\n * CVE-2013-4248\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248</a>&gt;\n\n\n", "edition": 1, "modified": "2014-07-05T02:05:05", "published": "2014-07-05T02:05:05", "id": "SUSE-SU-2014:0873-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00004.html", "title": "Security update for PHP5 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:50:21", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4248", "CVE-2014-4049", "CVE-2013-6420", "CVE-2014-2497"], "description": "PHP5 has been updated to fix four security vulnerabilities:\n\n * Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)\n * Heap based buffer overflow in time handling in openssl_x509_parse\n (CVE-2013-6420)\n * Man in the Middle attack in the the openssl_x509_parse due to lack\n of \\0 handling (CVE-2013-4248)\n * NULL pointer dereference in GD XPM decoder (CVE-2014-2497)\n\n Security Issues:\n\n * CVE-2014-4049\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049</a>&gt;\n * CVE-2013-6420\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420</a>&gt;\n * CVE-2013-4248\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248</a>&gt;\n * CVE-2014-2497\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497</a>&gt;\n\n", "edition": 1, "modified": "2014-07-07T19:04:42", "published": "2014-07-07T19:04:42", "id": "SUSE-SU-2014:0873-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00005.html", "title": "Security update for PHP5 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-4248", "CVE-2009-2408", "CVE-2013-6420", "CVE-2013-6712"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:014\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : January 21, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in php:\r\n \r\n The openssl_x509_parse function in openssl.c in the OpenSSL module in\r\n PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a\r\n &#039;&#92;0&#039; character in a domain name in the Subject Alternative Name field\r\n of an X.509 certificate, which allows man-in-the-middle attackers\r\n to spoof arbitrary SSL servers via a crafted certificate issued by a\r\n legitimate Certification Authority, a related issue to CVE-2009-2408\r\n &#40;CVE-2013-4248&#41;.\r\n \r\n The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP\r\n before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not\r\n properly parse &#40;1&#41; notBefore and &#40;2&#41; notAfter timestamps in X.509\r\n certificates, which allows remote attackers to execute arbitrary\r\n code or cause a denial of service &#40;memory corruption&#41; via a crafted\r\n certificate that is not properly handled by the openssl_x509_parse\r\n function &#40;CVE-2013-6420&#41;.\r\n \r\n The scan function in ext/date/lib/parse_iso_intervals.c in PHP through\r\n 5.5.6 does not properly restrict creation of DateInterval objects,\r\n which might allow remote attackers to cause a denial of service\r\n &#40;heap-based buffer over-read&#41; via a crafted interval specification\r\n &#40;CVE-2013-6712&#41;.\r\n \r\n The updated php packages have been upgraded to the 5.5.8 version\r\n which is not vulnerable to these issues.\r\n \r\n Additionally, the PECL packages which requires so has been rebuilt\r\n for php-5.5.8 and some has been upgraded to their latest versions.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712\r\n http://www.php.net/ChangeLog-5.php#5.5.8\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 6cbe3c3e54feb911f830a84798cba59b mbs1/x86_64/apache-mod_php-5.5.8-1.mbs1.x86_64.rpm\r\n a10aeb6dd4d85ab4c45b7acb3a080bf1 mbs1/x86_64/lib64json2-0.11-1.mbs1.x86_64.rpm\r\n e661a00b2ea0b360f73c32c633a5665b mbs1/x86_64/lib64json-devel-0.11-1.mbs1.x86_64.rpm\r\n b7938d352e62b7679b55c874e06fbe33 mbs1/x86_64/lib64mbfl1-1.2.0-1.mbs1.x86_64.rpm\r\n 9b84b48d9b2a18e048e1c40c786fc3d5 mbs1/x86_64/lib64mbfl-devel-1.2.0-1.mbs1.x86_64.rpm\r\n 7d4766a2eb0dd7048917eec2e1f9461f mbs1/x86_64/lib64php5_common5-5.5.8-1.mbs1.x86_64.rpm\r\n a6a17628ec5c2528b42d0308b44b8602 mbs1/x86_64/php-amf-0.9.2-10.1.mbs1.x86_64.rpm\r\n f47775a96d510872e93af788c942eb0d mbs1/x86_64/php-apacheaccessor-1.0.1-1.mbs1.x86_64.rpm\r\n 61c55f41ddc362a27b0d622fd72f832b mbs1/x86_64/php-apc-3.1.15-1.2.mbs1.x86_64.rpm\r\n 23e851dddb7a7e036eab0bbe753d22fc mbs1/x86_64/php-apc-admin-3.1.15-1.2.mbs1.x86_64.rpm\r\n 59f6774136e76c82ea13566c73ff5579 mbs1/x86_64/php-apm-1.1.0-1RC2.mbs1.x86_64.rpm\r\n 41f2071c87dc54edd1b35eb3b050523d mbs1/x86_64/php-archive-0.2-22.1.mbs1.x86_64.rpm\r\n 6eea5350fd29e56ab3c6530fd4a8eb2d mbs1/x86_64/php-auth_nds-2.2.6-28.1.mbs1.x86_64.rpm\r\n 09769fd2f27af4498679488463d4f0d0 mbs1/x86_64/php-bbcode-1.0.3-0.0.b1.5.mbs1.x86_64.rpm\r\n 046aade243a8dfbb4ae5235333404450 mbs1/x86_64/php-bcmath-5.5.8-1.mbs1.x86_64.rpm\r\n d41522e2a71180202c9ea965ab8bb87d mbs1/x86_64/php-bcompiler-1.0.2-3.1.mbs1.x86_64.rpm\r\n 22108d55173d81e808601cac8da19528 mbs1/x86_64/php-bitset-2.0-1.mbs1.x86_64.rpm\r\n 60a5774e783dc9410a3abecd25567242 mbs1/x86_64/php-bloomy-0.1.0-11.1.mbs1.x86_64.rpm\r\n bf678b9a204be1b978643122de681fa8 mbs1/x86_64/php-braille-0.1.1-1.mbs1.x86_64.rpm\r\n bb70b7e885f18b80db1ee6738ce3be50 mbs1/x86_64/php-bz2-5.5.8-1.mbs1.x86_64.rpm\r\n 6d44169948606477f69f70f7ad578f53 mbs1/x86_64/php-cairo-0.3.2-1.mbs1.x86_64.rpm\r\n 163f88e5a8527945410c21717dc0c523 mbs1/x86_64/php-cairo_wrapper-0.2.4-12.1.mbs1.x86_64.rpm\r\n bbfb9602746185c2ccee545bda5cea1b mbs1/x86_64/php-calendar-5.5.8-1.mbs1.x86_64.rpm\r\n 6cd3f73d40196e91b3d5b0d115fd2781 mbs1/x86_64/php-cgi-5.5.8-1.mbs1.x86_64.rpm\r\n 303f2b6bd21379576c64e9babe78b5a4 mbs1/x86_64/php-cli-5.5.8-1.mbs1.x86_64.rpm\r\n 1b986fc42ec86b34203557515332cbcb mbs1/x86_64/php-courierauth-0.1.0-26.1.mbs1.x86_64.rpm\r\n a451399cac0d1eb96c02b82c3682bacb mbs1/x86_64/php-ctype-5.5.8-1.mbs1.x86_64.rpm\r\n fff5e8e41e8d91ba8f45dc2c2e09de3e mbs1/x86_64/php-curl-5.5.8-1.mbs1.x86_64.rpm\r\n 9d8d29b7e05ecdb5b209c5f3e9ea11ef mbs1/x86_64/php-cyrus-1.0-30.1.mbs1.x86_64.rpm\r\n be02c96797fe3505035103a28a646650 mbs1/x86_64/php-dav-1.2-4.1.mbs1.x86_64.rpm\r\n b1d13d3740cd6d6c80b4ea9f6deccb1f mbs1/x86_64/php-dba-5.5.8-1.mbs1.x86_64.rpm\r\n 0c1f23ac85aa3da6731cb50877f4933e mbs1/x86_64/php-dbase-5.0.1-3.1.mbs1.x86_64.rpm\r\n 90a56987be11920d4bd5e435e92dd07e mbs1/x86_64/php-dbx-1.1.2-3.1.mbs1.x86_64.rpm\r\n f2924a0354eb16c217b5f7ae073df1e7 mbs1/x86_64/php-devel-5.5.8-1.mbs1.x86_64.rpm\r\n 92a8332882a805d53823f0c950de0d95 mbs1/x86_64/php-dio-0.0.7-1.mbs1.x86_64.rpm\r\n 18e14cc713ce4e782d3378a6b50739d7 mbs1/x86_64/php-doc-5.5.8-1.mbs1.noarch.rpm\r\n 19fe234353968902a9095dac4fd4914b mbs1/x86_64/php-dom-5.5.8-1.mbs1.x86_64.rpm\r\n 3f86006633057b7819cb7ff0109d8bc3 mbs1/x86_64/php-doublemetaphone-1.0.0-1.mbs1.x86_64.rpm\r\n 1c9d18a83bb590cc398de98529619fbe mbs1/x86_64/php-drizzle-0.4.2-8.1.mbs1.x86_64.rpm\r\n 681f9d0f04e86b10bcdab85e8ab46646 mbs1/x86_64/php-enchant-5.5.8-1.mbs1.x86_64.rpm\r\n 86a0fd5715e93fe2ad3af8af9c762f5e mbs1/x86_64/php-event-1.8.1-1.mbs1.x86_64.rpm\r\n e885e3a1aa38a84f3a91a2f3adfdd9ed mbs1/x86_64/php-exif-5.5.8-1.mbs1.x86_64.rpm\r\n 28cbec3693e2ec299ae14f4d3aee2bab mbs1/x86_64/php-expect-0.3.1-3.1.mbs1.x86_64.rpm\r\n 1f6e495022af41702d958c5e4c5a7a0c mbs1/x86_64/php-fam-5.0.1-21.1.mbs1.x86_64.rpm\r\n dcc659581a3370b6152a0be1c3d4330a mbs1/x86_64/php-fileinfo-5.5.8-1.mbs1.x86_64.rpm\r\n 51361ea120255c19051acce2f7c52373 mbs1/x86_64/php-filepro-5.1.6-31.1.mbs1.x86_64.rpm\r\n 57ffefd27baab8189b77ec065f6c25fb mbs1/x86_64/php-filter-5.5.8-1.mbs1.x86_64.rpm\r\n 40ef3b1acf64c3dbbec30ed053faf91d mbs1/x86_64/php-fpm-5.5.8-1.mbs1.x86_64.rpm\r\n 585a27ca37d6e425e33ebffda8d4a3c5 mbs1/x86_64/php-ftp-5.5.8-1.mbs1.x86_64.rpm\r\n f7e17547d06d727435d842566711bd1f mbs1/x86_64/php-gd-5.5.8-1.mbs1.x86_64.rpm\r\n 424413861017a0d960ec25799f7e6d96 mbs1/x86_64/php-gender-1.0.0-1.mbs1.x86_64.rpm\r\n 326ce65eb182fa95338b4950bf2902d8 mbs1/x86_64/php-geoip-1.0.8-3.1.mbs1.x86_64.rpm\r\n e8e5d68ccd220fa1411538c887a9b033 mbs1/x86_64/php-gettext-5.5.8-1.mbs1.x86_64.rpm\r\n e52ebf9fbb468cc480ff89b16746ac32 mbs1/x86_64/php-gmp-5.5.8-1.mbs1.x86_64.rpm\r\n 705599e093ed673401b92dcc55d7f7af mbs1/x86_64/php-gnupg-1.3.2-8.1.mbs1.x86_64.rpm\r\n e3acb8961bcb47b82eae4f2d1f0a5533 mbs1/x86_64/php-gnutls-0.3-0.rc1.25.mbs1.x86_64.rpm\r\n 63cace0435e5165bb99868f0b77fd0fb mbs1/x86_64/php-gtk2-2.0.3-0.git20130225.1.1.mbs1.x86_64.rpm\r\n d24ba27252b2d03b1ac45de414ace8f4 mbs1/x86_64/php-haru-1.0.4-1.mbs1.x86_64.rpm\r\n 69dcad6cd94a553145fc7170eb92b9ab mbs1/x86_64/php-hash-5.5.8-1.mbs1.x86_64.rpm\r\n 011ee7e7c17f420f6fdddb73f07e2689 mbs1/x86_64/php-hidef-0.1.13-1.mbs1.x86_64.rpm\r\n 5be11ca2acde72985150182165690a1e mbs1/x86_64/php-htscanner-1.0.1-1.mbs1.x86_64.rpm\r\n 1ef360e88e9e53f426b6128b352d4498 mbs1/x86_64/php-iconv-5.5.8-1.mbs1.x86_64.rpm\r\n 241adb52708e8152bbd264477d2c6685 mbs1/x86_64/php-id3-0.2-33.1.mbs1.x86_64.rpm\r\n 18a9444caba90afd57ac9d349de79592 mbs1/x86_64/php-imagick-3.1.2-1.mbs1.x86_64.rpm\r\n fb435f0e0c06838e6ba4b8e55edb65da mbs1/x86_64/php-imap-5.5.8-1.mbs1.x86_64.rpm\r\n e3d4b8b1a34ee2fff2514799d39d6c83 mbs1/x86_64/php-inclued-0.1.3-1.mbs1.x86_64.rpm\r\n 9a62365f025a6cd92a5649800f94e392 mbs1/x86_64/php-ini-5.5.8-1.mbs1.x86_64.rpm\r\n cc0fa3dfabc021d0a6f97de624c72451 mbs1/x86_64/php-inotify-0.1.6-1.mbs1.x86_64.rpm\r\n f7c954f5f7a8c3497244dab0ac9cc874 mbs1/x86_64/php-intl-5.5.8-1.mbs1.x86_64.rpm\r\n 72104e0ea01d0b8d7025ae3de961d950 mbs1/x86_64/php-json-5.5.8-1.mbs1.x86_64.rpm\r\n 788d244d7832eca94dc694ec2642c24b mbs1/x86_64/php-ldap-5.5.8-1.mbs1.x86_64.rpm\r\n ef1754adb00601ab1c4c29bb1fd1ef59 mbs1/x86_64/php-libevent-0.1.0-1.mbs1.x86_64.rpm\r\n b300a580ba667f6898875fc41d19116f mbs1/x86_64/php-mbstring-5.5.8-1.mbs1.x86_64.rpm\r\n bb5fecd25651248b7d4731b1aea2b31e mbs1/x86_64/php-mcrypt-5.5.8-1.mbs1.x86_64.rpm\r\n 299d7d44e160c8b4e5b7f30644c65a67 mbs1/x86_64/php-mcve-7.0.3-11.1.mbs1.x86_64.rpm\r\n db5be0ea33960859e4f31dc1d8e6c5af mbs1/x86_64/php-memcache-3.0.8-1.mbs1.x86_64.rpm\r\n bc238ba372583c19c57f658ff4225518 mbs1/x86_64/php-memcached-2.1.0-1.mbs1.x86_64.rpm\r\n fbd5ebb29764a11aa742e77fde63ec03 mbs1/x86_64/php-mnogosearch-1.96-35.1.mbs1.x86_64.rpm\r\n 2c0d85ca48d9b1f22f0f8445364f97e5 mbs1/x86_64/php-mongo-1.4.5-1.mbs1.x86_64.rpm\r\n a87d1de22d52d2e51bb3977a87afb715 mbs1/x86_64/php-mssql-5.5.8-1.mbs1.x86_64.rpm\r\n c2c1b538550758102b8b456a0db9c18f mbs1/x86_64/php-mysql-5.5.8-1.mbs1.x86_64.rpm\r\n c09aef537da221b4eebbaad7a893e195 mbs1/x86_64/php-mysqli-5.5.8-1.mbs1.x86_64.rpm\r\n f50cb148d81ecf786c80661e19714893 mbs1/x86_64/php-mysqlnd-5.5.8-1.mbs1.x86_64.rpm\r\n 25ca5ff7bb6a4bb39e17bef527a4daec mbs1/x86_64/php-newt-1.2.8-1.mbs1.x86_64.rpm\r\n 823b8d9b36c8b34b5f80f3f478d5be7d mbs1/x86_64/php-odbc-5.5.8-1.mbs1.x86_64.rpm\r\n 821f30096996e971be059dcc617beeb4 mbs1/x86_64/php-oggvorbis-0.2-33.1.mbs1.x86_64.rpm\r\n ec2c830033979609b85d19722079ad45 mbs1/x86_64/php-opcache-5.5.8-1.mbs1.x86_64.rpm\r\n 0e66afe941f83d77128a0326fea38368 mbs1/x86_64/php-openssl-5.5.8-1.mbs1.x86_64.rpm\r\n e8b0808df1e75e9eee987d1c38d0de41 mbs1/x86_64/php-pam-1.0.3-10.1.mbs1.x86_64.rpm\r\n c9772947df6039925dc89ed495c5eea0 mbs1/x86_64/php-pcntl-5.5.8-1.mbs1.x86_64.rpm\r\n 2d6f78b753dce6b022f0f495e5894bfe mbs1/x86_64/php-pdo-5.5.8-1.mbs1.x86_64.rpm\r\n 27dd4d459d9c50a3fa5ee81d988e6c4e mbs1/x86_64/php-pdo_dblib-5.5.8-1.mbs1.x86_64.rpm\r\n 060ad327a9a83ef417f9b0bdd60b7529 mbs1/x86_64/php-pdo_mysql-5.5.8-1.mbs1.x86_64.rpm\r\n f42d6c75dcd550e902bdda0672407f17 mbs1/x86_64/php-pdo_odbc-5.5.8-1.mbs1.x86_64.rpm\r\n 0e3764c821f508322e40a779a6694d36 mbs1/x86_64/php-pdo_pgsql-5.5.8-1.mbs1.x86_64.rpm\r\n af7cc29beea4f7a1aa87f81cc0f42e4d mbs1/x86_64/php-pdo_sqlite-5.5.8-1.mbs1.x86_64.rpm\r\n 6dc688c04f4a9617f5d9f179d5bffad3 mbs1/x86_64/php-pgsql-5.5.8-1.mbs1.x86_64.rpm\r\n e9e88947d413f78a0de370b45cd1e581 mbs1/x86_64/php-phar-5.5.8-1.mbs1.x86_64.rpm\r\n c4cbe315a3897b156de8d8b1ebee2454 mbs1/x86_64/php-posix-5.5.8-1.mbs1.x86_64.rpm\r\n a22a1d86311d97a6e74f41d4c5cee58a mbs1/x86_64/php-proctitle-0.1.2-1.mbs1.x86_64.rpm\r\n 1a642e05f7e4acbc0574700d39277f68 mbs1/x86_64/php-radius-1.2.7-1.1.mbs1.x86_64.rpm\r\n 364d5f30ed13942441cc6728af41f3ce mbs1/x86_64/php-readline-5.5.8-1.mbs1.x86_64.rpm\r\n 8e09378518bf4efca20b146d2ad3ae18 mbs1/x86_64/php-recode-5.5.8-1.mbs1.x86_64.rpm\r\n aca1fc497f23bebd1b261a91b4453c83 mbs1/x86_64/php-rrdtool-0-35.1.mbs1.x86_64.rpm\r\n b7ff902ed02d70049b9fdfa86c82c2bd mbs1/x86_64/php-sasl-0.1.0-36.1.mbs1.x86_64.rpm\r\n f28d198a8148aa993accca677f3921ce mbs1/x86_64/php-session-5.5.8-1.mbs1.x86_64.rpm\r\n 9ac8db465023197ca4a3f3358865d6c4 mbs1/x86_64/php-shmop-5.5.8-1.mbs1.x86_64.rpm\r\n 994c1f4ef6fdbb46a1217a0b4679b540 mbs1/x86_64/php-snmp-5.5.8-1.mbs1.x86_64.rpm\r\n 122de98493f51dad25fad1bd6490b14d mbs1/x86_64/php-soap-5.5.8-1.mbs1.x86_64.rpm\r\n 26cb96e64938013375ff2720787dbce3 mbs1/x86_64/php-sockets-5.5.8-1.mbs1.x86_64.rpm\r\n c03f6d3524750a11a26984a5680b6e31 mbs1/x86_64/php-sqlite-1.0.3-1.mbs1.x86_64.rpm\r\n cf9b1e1845c4df39e65c721b5ebe1ecd mbs1/x86_64/php-sqlite3-5.5.8-1.mbs1.x86_64.rpm\r\n 3692df1b43da42070fb2245ba85736d7 mbs1/x86_64/php-ssh2-0.12-1.mbs1.x86_64.rpm\r\n 46b107eaf4753b6f3e5b1d1c01014ac4 mbs1/x86_64/php-suhosin-0.9.33-7.2.mbs1.x86_64.rpm\r\n 648fa01ef7b191c206881bc81fc91cae mbs1/x86_64/php-svn-1.0.2-1.mbs1.x86_64.rpm\r\n 4f76f8fdc2c3b96130b50693f44fb82d mbs1/x86_64/php-swish-0.5.0-1.mbs1.x86_64.rpm\r\n dcda9398908f302d916e16ac23edc864 mbs1/x86_64/php-sybase_ct-5.5.8-1.mbs1.x86_64.rpm\r\n 05c262004a13838b354818605091d375 mbs1/x86_64/php-syck-0.9.3-17.1.mbs1.x86_64.rpm\r\n 911002b84d2ccf6632ab78148eeaa836 mbs1/x86_64/php-sysvmsg-5.5.8-1.mbs1.x86_64.rpm\r\n 64ee1ae53811450f47ced3dfc180cd3b mbs1/x86_64/php-sysvsem-5.5.8-1.mbs1.x86_64.rpm\r\n 8822eff6601523af2aec8a4b40278d5c mbs1/x86_64/php-sysvshm-5.5.8-1.mbs1.x86_64.rpm\r\n cb7122e7b2b81860304578978b20fae4 mbs1/x86_64/php-tcpwrap-1.1.3-18.1.mbs1.x86_64.rpm\r\n dd20d26681b253ca10d226b576cd9da7 mbs1/x86_64/php-tdb-1.0.0-18.1.mbs1.x86_64.rpm\r\n 89ca00e2d6b8a0655161caf3d975a29c mbs1/x86_64/php-tidy-5.5.8-1.mbs1.x86_64.rpm\r\n 63e583090b7d6e86679d9cf4dadd13b8 mbs1/x86_64/php-timezonedb-2013.9-1.1.mbs1.x86_64.rpm\r\n 51abf076f5d22b0393f94d74bf384502 mbs1/x86_64/php-tk-0.1.1-29.1.mbs1.x86_64.rpm\r\n a2a8c303e251afdfd6b6eb84307f95cd mbs1/x86_64/php-tokenizer-5.5.8-1.mbs1.x86_64.rpm\r\n 2d6a9a2ee9034ca19c81914f10dbaaf1 mbs1/x86_64/php-txforward-1.0.7-3.1.mbs1.x86_64.rpm\r\n a91cc0a9f98d6be93242c761722c3363 mbs1/x86_64/php-uploadprogress-1.0.3.1-3.1.mbs1.x86_64.rpm\r\n 4cad056354849adc02de0899481f2c0e mbs1/x86_64/php-uuid-1.0.3-1.mbs1.x86_64.rpm\r\n 269b8bdd1a21e7f7688a60cb6d4e66c9 mbs1/x86_64/php-wbxml-1.0.3-14.1.mbs1.x86_64.rpm\r\n 3c324e3865d37e40e0c44d703e6af971 mbs1/x86_64/php-wddx-5.5.8-1.mbs1.x86_64.rpm\r\n 272928a998127f03fa7b466bdae5625b mbs1/x86_64/php-xattr-1.2.0-1.mbs1.x86_64.rpm\r\n 1a36dc739e5b59e1a7234c20252bb30c mbs1/x86_64/php-xdiff-1.5.2-1.mbs1.x86_64.rpm\r\n e21b93c47fc09d426b1e9873d922c9b6 mbs1/x86_64/php-xml-5.5.8-1.mbs1.x86_64.rpm\r\n 18b1f4b35359ef4803840b6a59023662 mbs1/x86_64/php-xmlreader-5.5.8-1.mbs1.x86_64.rpm\r\n 32cac8722f385bd6c889c7998708f896 mbs1/x86_64/php-xmlrpc-5.5.8-1.mbs1.x86_64.rpm\r\n 17741808a8ab423b918e15d791a470a0 mbs1/x86_64/php-xmlwriter-5.5.8-1.mbs1.x86_64.rpm\r\n c4ca4a667ea3d67c2a5f41be43e275ef mbs1/x86_64/php-xsl-5.5.8-1.mbs1.x86_64.rpm\r\n 26c7a4cb6e3a349f184cb151b3e66bbe mbs1/x86_64/php-xslcache-0.7.2-1.mbs1.x86_64.rpm\r\n 2ec0a54234ba1f9408a1dfc312ce15bb mbs1/x86_64/php-yaml-1.1.1-1.mbs1.x86_64.rpm\r\n d8d867f694f761e0c1fbb42f37671246 mbs1/x86_64/php-yaz-1.1.6-1.mbs1.x86_64.rpm\r\n d3a22538565c0e70823ab006a918b599 mbs1/x86_64/php-yp-5.2.3-25.1.mbs1.x86_64.rpm\r\n e8a6f6b750a57d30cab05f43ed0d2826 mbs1/x86_64/php-zip-5.5.8-1.mbs1.x86_64.rpm\r\n 85fc2115c2d73651c13b7e7d579035c2 mbs1/x86_64/php-zlib-5.5.8-1.mbs1.x86_64.rpm \r\n dffedeb2bc9dbcf09a08c5b8ee085241 mbs1/SRPMS/json-c-0.11-1.mbs1.src.rpm\r\n af6e8a771ad6e82cc4890d017a282a54 mbs1/SRPMS/libmbfl-1.2.0-1.mbs1.src.rpm\r\n 208cadf784cf7e5d87473a66b1ad9dec mbs1/SRPMS/php-5.5.8-1.mbs1.src.rpm\r\n 569fe67ccfe844b44d66cd5801c87029 mbs1/SRPMS/php-amf-0.9.2-10.1.mbs1.src.rpm\r\n 18c40965301ed883fdc24604257cd1e5 mbs1/SRPMS/php-apacheaccessor-1.0.1-1.mbs1.src.rpm\r\n f7450092f00a1271e4c767317739caf9 mbs1/SRPMS/php-apc-3.1.15-1.2.mbs1.src.rpm\r\n 05ac57db5fca564a1056dfbaffb98a5e mbs1/SRPMS/php-apm-1.1.0-1RC2.mbs1.src.rpm\r\n 92d6548693ee63aa19a50bf8662db4b1 mbs1/SRPMS/php-archive-0.2-22.1.mbs1.src.rpm\r\n 937fe1748c3a85337d74d9d25a5f64b2 mbs1/SRPMS/php-auth_nds-2.2.6-28.1.mbs1.src.rpm\r\n 73b13a0ed1ef4c11411c8482d924346a mbs1/SRPMS/php-bbcode-1.0.3-0.0.b1.5.mbs1.src.rpm\r\n 2e6d69003f3b782b4dd304a7fb7838d6 mbs1/SRPMS/php-bcompiler-1.0.2-3.1.mbs1.src.rpm\r\n 0514e5ace4b598d1f2f380eee232d906 mbs1/SRPMS/php-bitset-2.0-1.mbs1.src.rpm\r\n f681295764f84a253a17a6f8f0de66f3 mbs1/SRPMS/php-bloomy-0.1.0-11.1.mbs1.src.rpm\r\n f099bc978799afff5ed4ab35cde70633 mbs1/SRPMS/php-braille-0.1.1-1.mbs1.src.rpm\r\n 522cd2c8a16f78acdc7dc5f80fff34e4 mbs1/SRPMS/php-cairo-0.3.2-1.mbs1.src.rpm\r\n 56436636c2f04d70a96d6cb571abcf03 mbs1/SRPMS/php-cairo_wrapper-0.2.4-12.1.mbs1.src.rpm\r\n 16e205bc0339a90acb9560df409be2f7 mbs1/SRPMS/php-courierauth-0.1.0-26.1.mbs1.src.rpm\r\n fc4f8967c11cc4b2080193ea11439f10 mbs1/SRPMS/php-cyrus-1.0-30.1.mbs1.src.rpm\r\n 028cd11a27d1caf3fa0bfb7ccba72dff mbs1/SRPMS/php-dav-1.2-4.1.mbs1.src.rpm\r\n 6e7fa7b114c2262288d12b16b67f9398 mbs1/SRPMS/php-dbase-5.0.1-3.1.mbs1.src.rpm\r\n f5a32e8c86e6d8a37ea49f6edcc8f2eb mbs1/SRPMS/php-dbx-1.1.2-3.1.mbs1.src.rpm\r\n 28361b8014ef86de714370ed2f9c8523 mbs1/SRPMS/php-dio-0.0.7-1.mbs1.src.rpm\r\n 46cd6b2052a284a5e4b6cd2e9ce0f35b mbs1/SRPMS/php-doublemetaphone-1.0.0-1.mbs1.src.rpm\r\n 216f54099506165d92e2fa5eb5fa895b mbs1/SRPMS/php-drizzle-0.4.2-8.1.mbs1.src.rpm\r\n 8103618186a8263b5aa140ac2604a377 mbs1/SRPMS/php-event-1.8.1-1.mbs1.src.rpm\r\n 117870df2707a9f7f743e0d5e006f01c mbs1/SRPMS/php-expect-0.3.1-3.1.mbs1.src.rpm\r\n 1e9571e84f5c216436346ba4f0ef7e01 mbs1/SRPMS/php-fam-5.0.1-21.1.mbs1.src.rpm\r\n 12ab1fab99d150362d41a2462432616f mbs1/SRPMS/php-filepro-5.1.6-31.1.mbs1.src.rpm\r\n b8f3eeac43f32ffab74d3a6a2e1a95a9 mbs1/SRPMS/php-gender-1.0.0-1.mbs1.src.rpm\r\n f4b01e4ea76567f29b6302a94de0187e mbs1/SRPMS/php-geoip-1.0.8-3.1.mbs1.src.rpm\r\n ad38f3ef3e39a2cc1ff974fb6fee5f27 mbs1/SRPMS/php-gnupg-1.3.2-8.1.mbs1.src.rpm\r\n 7993893485eed60a687dd9072e58ceb7 mbs1/SRPMS/php-gnutls-0.3-0.rc1.25.mbs1.src.rpm\r\n 93667de0345b12d30fd9a90850ccfa64 mbs1/SRPMS/php-gtk2-2.0.3-0.git20130225.1.1.mbs1.src.rpm\r\n 05bf2145f513bfa34f36e60032d752c1 mbs1/SRPMS/php-haru-1.0.4-1.mbs1.src.rpm\r\n efc0bfbf4490ea6bf61464fcc397661e mbs1/SRPMS/php-hidef-0.1.13-1.mbs1.src.rpm\r\n 4c4dcf9335bab8530c2b5a8f5d07fdf5 mbs1/SRPMS/php-htscanner-1.0.1-1.mbs1.src.rpm\r\n 4d39a950797e8df46762c5c73e170179 mbs1/SRPMS/php-id3-0.2-33.1.mbs1.src.rpm\r\n 1a756001cd773cdc7ca5f797e7171660 mbs1/SRPMS/php-imagick-3.1.2-1.mbs1.src.rpm\r\n 7fd6af5d9de5290b131e9624ec67b6bc mbs1/SRPMS/php-inclued-0.1.3-1.mbs1.src.rpm\r\n 57ca03ec85af8be4d4db50843d7adeb4 mbs1/SRPMS/php-inotify-0.1.6-1.mbs1.src.rpm\r\n 58c4db8af664a6790e382575b8b39151 mbs1/SRPMS/php-libevent-0.1.0-1.mbs1.src.rpm\r\n fde733df58d1daf042d0948be090e961 mbs1/SRPMS/php-mcve-7.0.3-11.1.mbs1.src.rpm\r\n 9340b22c4c7b2c5071c197c8fe22aa02 mbs1/SRPMS/php-memcache-3.0.8-1.mbs1.src.rpm\r\n a9c5cbd1eeab91714ec8ce69106e1a20 mbs1/SRPMS/php-memcached-2.1.0-1.mbs1.src.rpm\r\n 6cd241db51c9f1e51bc81e2dfecb485b mbs1/SRPMS/php-mnogosearch-1.96-35.1.mbs1.src.rpm\r\n 98d85dfb93b0a0c269a9a2d3f6f0eede mbs1/SRPMS/php-mongo-1.4.5-1.mbs1.src.rpm\r\n 2524e31d5a61e1352dce360526149544 mbs1/SRPMS/php-newt-1.2.8-1.mbs1.src.rpm\r\n b117d574a2eb07efbeef7e68eb3dbf38 mbs1/SRPMS/php-oggvorbis-0.2-33.1.mbs1.src.rpm\r\n 25eef544c81b44775441da1a9d4a5f8e mbs1/SRPMS/php-pam-1.0.3-10.1.mbs1.src.rpm\r\n e4812e2fb71334c1470855047d33ff92 mbs1/SRPMS/php-proctitle-0.1.2-1.mbs1.src.rpm\r\n b34e461b5688ed89bcde35f46d34615a mbs1/SRPMS/php-radius-1.2.7-1.1.mbs1.src.rpm\r\n 40dbef246efb480f12286479828f0172 mbs1/SRPMS/php-rrdtool-0-35.1.mbs1.src.rpm\r\n 60701f0629317b0bec9f1bdd43354e19 mbs1/SRPMS/php-sasl-0.1.0-36.1.mbs1.src.rpm\r\n 5a75e8c81e606385c707b714b6282e5a mbs1/SRPMS/php-sqlite-1.0.3-1.mbs1.src.rpm\r\n ca0c2cf7daea363b6dbe0b1ef89982c1 mbs1/SRPMS/php-ssh2-0.12-1.mbs1.src.rpm\r\n 2df05fb13a6318aa63d52b58018aaac9 mbs1/SRPMS/php-suhosin-0.9.33-7.2.mbs1.src.rpm\r\n 9a9ab66c2049d3b901a1a29cb41866fc mbs1/SRPMS/php-svn-1.0.2-1.mbs1.src.rpm\r\n 62182c75a65d16872febeb225d345f40 mbs1/SRPMS/php-swish-0.5.0-1.mbs1.src.rpm\r\n fdb525c5d728fb5058edc0bde32f8207 mbs1/SRPMS/php-syck-0.9.3-17.1.mbs1.src.rpm\r\n fdc70578239b8ad71a29d2164346b2e3 mbs1/SRPMS/php-tcpwrap-1.1.3-18.1.mbs1.src.rpm\r\n 7eca5e164fe2c13313d24fa2d9192b2f mbs1/SRPMS/php-tdb-1.0.0-18.1.mbs1.src.rpm\r\n d9b8b9498a693a047250431b387d1a38 mbs1/SRPMS/php-timezonedb-2013.9-1.1.mbs1.src.rpm\r\n 05f98d011308f8e5b93678bc6f8131de mbs1/SRPMS/php-tk-0.1.1-29.1.mbs1.src.rpm\r\n cf608a75bbbaea51c1ce0b04719ce746 mbs1/SRPMS/php-txforward-1.0.7-3.1.mbs1.src.rpm\r\n 4a1bae8e064b076164b81d5e79bd5e4b mbs1/SRPMS/php-uploadprogress-1.0.3.1-3.1.mbs1.src.rpm\r\n 23a9cf1fa7db9dc8843c9262795a1eb1 mbs1/SRPMS/php-uuid-1.0.3-1.mbs1.src.rpm\r\n f1c54907e7c544dfd95764da8175f749 mbs1/SRPMS/php-wbxml-1.0.3-14.1.mbs1.src.rpm\r\n 2c57275de2451e91cbfc271ae14595dc mbs1/SRPMS/php-xattr-1.2.0-1.mbs1.src.rpm\r\n 82d034516dcfe4fbaf68640ccd017a1f mbs1/SRPMS/php-xdiff-1.5.2-1.mbs1.src.rpm\r\n c19da5f5199dbc4d58a2c1d9b7de5bff mbs1/SRPMS/php-xslcache-0.7.2-1.mbs1.src.rpm\r\n b05fbb9a7a6ca882fcb7ed4cab1c3886 mbs1/SRPMS/php-yaml-1.1.1-1.mbs1.src.rpm\r\n b2859baaf205be29a938df103529659d mbs1/SRPMS/php-yaz-1.1.6-1.mbs1.src.rpm\r\n 8544a9059f4099bc17bdd31cb2218aee mbs1/SRPMS/php-yp-5.2.3-25.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFS3pnTmqjQ0CJFipgRAtkRAJ417vt7FzRaoh3u+es+hZpnI/G1kwCfcGWD\r\nxmJGFGNLyeQwnIXiJs7+QxY=\r\n=ro67\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-01-29T00:00:00", "published": "2014-01-29T00:00:00", "id": "SECURITYVULNS:DOC:30264", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30264", "title": "[ MDVSA-2014:014 ] php", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0185"], "description": "Weak unix socket permissions.", "edition": 1, "modified": "2014-05-30T00:00:00", "published": "2014-05-30T00:00:00", "id": "SECURITYVULNS:VULN:13796", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13796", "title": "PHP privilege escalation", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0185"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:087\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : php\r\n Date : May 15, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in php:\r\n \r\n PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain\r\n socket with world-writable permissions by default, which allows any\r\n local user to connect to it and execute PHP scripts as the apache user\r\n &#40;CVE-2014-0185&#41;.\r\n \r\n The updated php packages have been upgraded to the 5.5.12 version\r\n which is not vulnerable to this issue.\r\n \r\n Additionally, the timezonedb packages has been upgraded to the latest\r\n 2014.3 version, the php-suhosin packages has been upgraded to the\r\n latest 0.9.35 version which has better support for php-5.5 and the\r\n PECL packages which requires so has been rebuilt for php-5.5.12.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n df283b0fbf1a40933a09a0437306e077 mbs1/x86_64/apache-mod_php-5.5.12-1.mbs1.x86_64.rpm\r\n 1abe9798b925025ec94da9a485644258 mbs1/x86_64/lib64php5_common5-5.5.12-1.mbs1.x86_64.rpm\r\n 3fd588f458b56959797fb5d014eae48f mbs1/x86_64/php-apc-3.1.15-1.6.mbs1.x86_64.rpm\r\n 7e619dee2e92ff3c380f6c4ef501d0df mbs1/x86_64/php-apc-admin-3.1.15-1.6.mbs1.x86_64.rpm\r\n 11f54447e5427fbf752b4f71b9970ce5 mbs1/x86_64/php-bcmath-5.5.12-1.mbs1.x86_64.rpm\r\n c062cda26132b4ac6c4e148c6a68734e mbs1/x86_64/php-bz2-5.5.12-1.mbs1.x86_64.rpm\r\n 881589dad906c2fb85c3a33d7fea378c mbs1/x86_64/php-calendar-5.5.12-1.mbs1.x86_64.rpm\r\n ef0d051de99575d3c71b87800ee246e5 mbs1/x86_64/php-cgi-5.5.12-1.mbs1.x86_64.rpm\r\n 4c5204cac61750016c59580d6fe12f17 mbs1/x86_64/php-cli-5.5.12-1.mbs1.x86_64.rpm\r\n a0cff9488526e5c1ea6f9cde930bf5d8 mbs1/x86_64/php-ctype-5.5.12-1.mbs1.x86_64.rpm\r\n 5b79423cbb3649eedfaadee4b7773fe6 mbs1/x86_64/php-curl-5.5.12-1.mbs1.x86_64.rpm\r\n f009622fdfd3825dc76573bea38fd269 mbs1/x86_64/php-dba-5.5.12-1.mbs1.x86_64.rpm\r\n 24a229cfcf39dc8642678b5a3c7c3cc2 mbs1/x86_64/php-devel-5.5.12-1.mbs1.x86_64.rpm\r\n 32560ad8808014a67496e34398f68922 mbs1/x86_64/php-doc-5.5.12-1.mbs1.noarch.rpm\r\n e2c2566d0b502ad2c42de98a70820e42 mbs1/x86_64/php-dom-5.5.12-1.mbs1.x86_64.rpm\r\n 4c54ba0d5daa7ed0428e687fe2ee7e44 mbs1/x86_64/php-enchant-5.5.12-1.mbs1.x86_64.rpm\r\n c240f95cec3fdc7637bff950472dad68 mbs1/x86_64/php-exif-5.5.12-1.mbs1.x86_64.rpm\r\n e6aa382fd8013fb0c7f18b0f4158e414 mbs1/x86_64/php-fileinfo-5.5.12-1.mbs1.x86_64.rpm\r\n c57d83072dfcac793e712c673991f950 mbs1/x86_64/php-filter-5.5.12-1.mbs1.x86_64.rpm\r\n 5c66528ecfd9e43979cd30e5877f8a16 mbs1/x86_64/php-fpm-5.5.12-1.mbs1.x86_64.rpm\r\n 0b69a5b8f87f5d60f9277a930ae684f5 mbs1/x86_64/php-ftp-5.5.12-1.mbs1.x86_64.rpm\r\n bdcf28c0c14570960fa1ac3831e60d60 mbs1/x86_64/php-gd-5.5.12-1.mbs1.x86_64.rpm\r\n b292b8323de1bfa84f6343374ecd2cd6 mbs1/x86_64/php-gettext-5.5.12-1.mbs1.x86_64.rpm\r\n d398f4e3d479241d7965742c3fc998ef mbs1/x86_64/php-gmp-5.5.12-1.mbs1.x86_64.rpm\r\n 6ad902976dbb65029eaec9545090efba mbs1/x86_64/php-hash-5.5.12-1.mbs1.x86_64.rpm\r\n 1f70ab02036654143b0600ada836ae75 mbs1/x86_64/php-iconv-5.5.12-1.mbs1.x86_64.rpm\r\n 43b8d3119abaebe97cd131581ad0bce7 mbs1/x86_64/php-imap-5.5.12-1.mbs1.x86_64.rpm\r\n 8a036900183251f4533a7448bb31578e mbs1/x86_64/php-ini-5.5.12-1.mbs1.x86_64.rpm\r\n 6d955beac6cd6d100e1733c463f0ec1b mbs1/x86_64/php-intl-5.5.12-1.mbs1.x86_64.rpm\r\n 31da57129ac268f8b1ee761d00229c76 mbs1/x86_64/php-json-5.5.12-1.mbs1.x86_64.rpm\r\n 982f16d428b26491fa076144cd87f7cf mbs1/x86_64/php-ldap-5.5.12-1.mbs1.x86_64.rpm\r\n efbad629641d00c18a5694108d29dc1f mbs1/x86_64/php-mbstring-5.5.12-1.mbs1.x86_64.rpm\r\n 1297ae3e46bb0916c57be1623b0b5934 mbs1/x86_64/php-mcrypt-5.5.12-1.mbs1.x86_64.rpm\r\n 857fd2c635ccbe2864300f57c4e325e1 mbs1/x86_64/php-mssql-5.5.12-1.mbs1.x86_64.rpm\r\n 43a8813edf9337c2078180cb64f40b92 mbs1/x86_64/php-mysql-5.5.12-1.mbs1.x86_64.rpm\r\n 8483d8e011ecf13b20525632c6b0f7ec mbs1/x86_64/php-mysqli-5.5.12-1.mbs1.x86_64.rpm\r\n 49ba506cc6c659b6bafa5a8c60cd98d7 mbs1/x86_64/php-mysqlnd-5.5.12-1.mbs1.x86_64.rpm\r\n d4441bd727920f3bc2a813c205b07269 mbs1/x86_64/php-odbc-5.5.12-1.mbs1.x86_64.rpm\r\n 7078d869b8ac7c0f18e5e80d31133e9d mbs1/x86_64/php-opcache-5.5.12-1.mbs1.x86_64.rpm\r\n b5e4314436efa86f825d8bd3a05a1bb2 mbs1/x86_64/php-openssl-5.5.12-1.mbs1.x86_64.rpm\r\n 2bae715891c7cba2d0f5d89b341b6f8d mbs1/x86_64/php-pcntl-5.5.12-1.mbs1.x86_64.rpm\r\n e2867aee0bcc74c716906b95313874e9 mbs1/x86_64/php-pdo-5.5.12-1.mbs1.x86_64.rpm\r\n 2d2606c285e7b1143587dcea2e6bf684 mbs1/x86_64/php-pdo_dblib-5.5.12-1.mbs1.x86_64.rpm\r\n d9258f65a971bb39b2bb0cc48029ef15 mbs1/x86_64/php-pdo_mysql-5.5.12-1.mbs1.x86_64.rpm\r\n 58c336a04c095c2f80b6b5f5b324493b mbs1/x86_64/php-pdo_odbc-5.5.12-1.mbs1.x86_64.rpm\r\n 1958077abb09515aea71df8c9e4eb9a8 mbs1/x86_64/php-pdo_pgsql-5.5.12-1.mbs1.x86_64.rpm\r\n 34bae52fb02a338dbf92548ba8efb0b1 mbs1/x86_64/php-pdo_sqlite-5.5.12-1.mbs1.x86_64.rpm\r\n f0dabb11d738cfa10d5f0d01bde9fcac mbs1/x86_64/php-pgsql-5.5.12-1.mbs1.x86_64.rpm\r\n b6f47c1173da6eea7f9f6ab20b4a7c9a mbs1/x86_64/php-phar-5.5.12-1.mbs1.x86_64.rpm\r\n 1eb21c1d019a8f348454af89e16f78f2 mbs1/x86_64/php-posix-5.5.12-1.mbs1.x86_64.rpm\r\n 8ad4a51b9662004ff2ebad4f51b56117 mbs1/x86_64/php-readline-5.5.12-1.mbs1.x86_64.rpm\r\n a94de78681035b08063137cc5cf32437 mbs1/x86_64/php-recode-5.5.12-1.mbs1.x86_64.rpm\r\n 1dfac2b5345421cb192f0534681cf6af mbs1/x86_64/php-session-5.5.12-1.mbs1.x86_64.rpm\r\n 645fb72f38521f91b9dc1a1c7e575942 mbs1/x86_64/php-shmop-5.5.12-1.mbs1.x86_64.rpm\r\n c1fd2e2ad98402c7315a68b2717aac16 mbs1/x86_64/php-snmp-5.5.12-1.mbs1.x86_64.rpm\r\n 752a8cc39ce2d0f82bd2c07a2dbb4ba5 mbs1/x86_64/php-soap-5.5.12-1.mbs1.x86_64.rpm\r\n a6a62275ea481a0fbcd7737578f33455 mbs1/x86_64/php-sockets-5.5.12-1.mbs1.x86_64.rpm\r\n 22c717901d4212c67e87ed2174e6e845 mbs1/x86_64/php-sqlite3-5.5.12-1.mbs1.x86_64.rpm\r\n f7e6386efcd2a97a5490a3109bd70600 mbs1/x86_64/php-suhosin-0.9.35-1.mbs1.x86_64.rpm\r\n f9f6a9c19af8ecd5fe0ba8b7e2f526ee mbs1/x86_64/php-sybase_ct-5.5.12-1.mbs1.x86_64.rpm\r\n b60b2d77fa1e2b10644df9c86e3fdac1 mbs1/x86_64/php-sysvmsg-5.5.12-1.mbs1.x86_64.rpm\r\n fb7d815b81a40865cd54588f977a6827 mbs1/x86_64/php-sysvsem-5.5.12-1.mbs1.x86_64.rpm\r\n e3bb6a42b7062245009a3e64e9c3ab53 mbs1/x86_64/php-sysvshm-5.5.12-1.mbs1.x86_64.rpm\r\n 809dffd53a7653ea04958f6c6c86579a mbs1/x86_64/php-tidy-5.5.12-1.mbs1.x86_64.rpm\r\n d8e2ceee78d3b8b77011ff274fec13da mbs1/x86_64/php-timezonedb-2014.3-1.mbs1.x86_64.rpm\r\n 7462feb0b6b1c1027739300256811425 mbs1/x86_64/php-tokenizer-5.5.12-1.mbs1.x86_64.rpm\r\n b412ccbf40f642242ce946ab6dc5057d mbs1/x86_64/php-wddx-5.5.12-1.mbs1.x86_64.rpm\r\n 56aefd73ef297dd2752a94ca43b9368d mbs1/x86_64/php-xml-5.5.12-1.mbs1.x86_64.rpm\r\n 36728ade4afc041e4b4cdc8adae5b51c mbs1/x86_64/php-xmlreader-5.5.12-1.mbs1.x86_64.rpm\r\n 96928243c5bcb9b13df45ee473f2bba5 mbs1/x86_64/php-xmlrpc-5.5.12-1.mbs1.x86_64.rpm\r\n 03560a70d16bd0ab39192f286fca26ea mbs1/x86_64/php-xmlwriter-5.5.12-1.mbs1.x86_64.rpm\r\n f73bffd35d1e327a71949167deeb6fa4 mbs1/x86_64/php-xsl-5.5.12-1.mbs1.x86_64.rpm\r\n a69a5c5c8ff300e0ddaa5965462476cd mbs1/x86_64/php-zip-5.5.12-1.mbs1.x86_64.rpm\r\n 043104c0742e0b8d662ffdfe4863dfba mbs1/x86_64/php-zlib-5.5.12-1.mbs1.x86_64.rpm \r\n a7d10f16e1386c594f431001c48a0917 mbs1/SRPMS/php-5.5.12-1.mbs1.src.rpm\r\n 69977bb13b343ece8ee1fd6b6d82729f mbs1/SRPMS/php-apc-3.1.15-1.6.mbs1.src.rpm\r\n 49af4a438fa6eebf439741dd0575fb37 mbs1/SRPMS/php-suhosin-0.9.35-1.mbs1.src.rpm\r\n eecd1584f6cb9dba6c88c3b29ea692bc mbs1/SRPMS/php-timezonedb-2014.3-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD4DBQFTdGLcmqjQ0CJFipgRAt/SAKD2bOJ+Od3npvQEop5sKD27dzqRyACYvP65\r\ndJiEmD7K3fatPFHMJZnewQ==\r\n=nwr2\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-30T00:00:00", "published": "2014-05-30T00:00:00", "id": "SECURITYVULNS:DOC:30774", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30774", "title": "[ MDVSA-2014:087 ] php", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:55", "bulletinFamily": "info", "cvelist": ["CVE-2014-0185"], "description": "The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL. Versions 5.4.28 and 5.5.12 both contain that important patch, as well as fixes for more than a dozen other vulnerabilities.\n\nThe fix for the OpenSSL flaws is in both [PHP 5.4.28](<http://www.php.net/ChangeLog-5.php#5.4.28>) and [5.5.12](<http://www.php.net/ChangeLog-5.php#5.5.12>). Both versions also include a slew of other bug fixes, one of which is for CVE-2014-0185, a privilege escalation flaw. The bug could allow an attacker to run arbitrary code in some situations.\n\n\u201cBoth default config and compiled-in defaults of sapi/fpm lead to configurations which easily allow any user with rights to connect to a UNIX socket to run arbitrary code with the permissions of the fpm user,\u201d a [description of the bug](<https://bugs.php.net/bug.php?id=67060>) says.\n\n\u201cA typical scenario for this issue:\n\n\u2013 shared hosting environment with multiple fpm pools, running with different permissions (user1, user2, \u2026)\n\n\u2013 user1 can easily run code as user2 by pretending to be a FastCGI client and connecting to (e.g.) /var/run/php-fpm.user1.sock.\u201d\n\nUsers of either version of PHP are encouraged to update to the fixed packages as soon as possible to protect themselves against potential attacks.\n\n_ This story was updated on May 2 to clarify the OpenSSL bugs._\n", "modified": "2014-05-08T13:11:52", "published": "2014-05-02T10:48:20", "id": "THREATPOST:3A3D259BB4BCD97BF28642DE2B3F4146", "href": "https://threatpost.com/php-updated-to-fix-heartbleed-other-bugs/105867/", "type": "threatpost", "title": "PHP Updated to Fix Heartbleed, Other Bugs", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4248"], "description": "New php packages are available for Slackware 14.0, and -current to fix a\nsecurity issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/php-5.4.19-i486-1_slack14.0.txz: Upgraded.\n Fixed handling null bytes in subjectAltName (CVE-2013-4248).\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.19-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.19-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.19-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.19-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n36ea4e45512c962948deddf695238785 php-5.4.19-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n54fa9c4170edebe732c17a859c55c573 php-5.4.19-x86_64-1_slack14.0.txz\n\nSlackware -current package:\nb984f8b2323d962e2689485111040430 n/php-5.4.19-i486-1.txz\n\nSlackware x86_64 -current package:\nc3bb32c6ea600e5f0a44a927e03a7717 n/php-5.4.19-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.19-i486-1_slack14.0.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "modified": "2013-08-30T07:46:30", "published": "2013-08-30T07:46:30", "id": "SSA-2013-242-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.343027", "type": "slackware", "title": "[slackware-security] php", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:23", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4248"], "description": "It was discovered that PHP did not properly handle certificates with NULL \ncharacters in the Subject Alternative Name field. An attacker could exploit \nthis to perform a man in the middle attack to view sensitive information or \nalter encrypted communications.", "edition": 5, "modified": "2013-09-05T00:00:00", "published": "2013-09-05T00:00:00", "id": "USN-1937-1", "href": "https://ubuntu.com/security/notices/USN-1937-1", "title": "PHP vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:17:58", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4248"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2742-1 security@debian.org\nhttp://www.debian.org/security/ \nAugust 26, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nVulnerability : interpretation conflict\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4248\nDebian Bug : 719765\n\nIt was discovered that PHP, a general-purpose scripting language\ncommonly used for web application development, did not properly\nprocess embedded NUL characters in the subjectAltName extension of\nX.509 certificates. Depending on the application and with\ninsufficient CA-level checks, this could be abused for impersonating\nother users.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze17.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.5.3+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2013-08-26T20:21:58", "published": "2013-08-26T20:21:58", "id": "DEBIAN:DSA-2742-1:FA4D7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00152.html", "title": "[SECURITY] [DSA 2742-1] php5 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}