Lucene search

K
freebsdFreeBSD057BF770-CAC4-11E0-AEA3-00215C6A37BB
HistoryAug 18, 2011 - 12:00 a.m.

php -- multiple vulnerabilities

2011-08-1800:00:00
vuxml.freebsd.org
31

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.055

Percentile

93.2%

PHP development team reports:

Security Enhancements and Fixes in PHP 5.3.7:

Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz
Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability
in RFC1867 File upload filename). Reported by Krzysztof
Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect().
(CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()).
(CVE-2011-1148)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphp5<Β 5.3.7UNKNOWN
FreeBSDanynoarchphp5-sockets<Β 5.3.7UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.055

Percentile

93.2%