Lucene search

K
nessusTenable5733.PRM
HistoryDec 13, 2010 - 12:00 a.m.

PHP 5.2.x < 5.2.15 Multiple Vulnerabilities

2010-12-1300:00:00
Tenable
www.tenable.com
22

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.7%

According to its banner the version of PHP installed on the remote host is earlier than 5.2.15. Such versions are potentially affected by multiple vulnerabilities :

  • A crash in the zip extract method.

  • A possible double free exists in the IMAP extension. (CVE-2010-4150)

  • An unspecified flaw exists in ‘open_basedir’. (CVE-2010-3436)

  • A possible crash could occur in ‘mssql_fetch_batch()’.

  • A NULL pointer dereference exists in ‘zipArchive::getArchiveComment’. (CVE-2010-3709)

  • A crash exists if anti-aliasing steps are invalid. (Bug 53492)

  • A crash exists in pdo_firebird get_Attribute(). (Bug 53323)

  • A use-after-free vulnerability in the Zend engine when a ‘__set()’, ‘__get()’, or ‘__unset()’ method is called can allow for a denial of service attack. (Bug #52879 / CVE-2010-4697)

  • A stack-based buffer overflow exists in the ‘imagepstext()’ function in the GD extension. (Bug #53492 / CVE-2010-4698)

  • The extract function does not prevent use of the EXTR_OVERWRITE parameter to overwrite the GLOBALS superglobal array and the ‘this’ variable, which allows attackers to bypass intended access restrictions. (CVE-2011-0752)

Binary data 5733.prm
VendorProductVersionCPE
phpphpcpe:/a:php:php

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.7%