Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable801116.PRM
HistoryJan 16, 2012 - 12:00 a.m.

PHP < 5.3.9 Multiple Vulnerabilities

2012-01-1600:00:00
Tenable
www.tenable.com
27
JSON

Versions of PHP earlier than 5.3.9 are potentially affected by multiple vulnerabilities :

  • It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)

  • An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32-bit platforms. (CVE-2011-4566)

  • Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite file, resulting in arbitrary code execution. (CVE-2012-0057)

  • An error exists in the function ‘tidy_diagnose’ that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)

  • The ‘PDORow’ implementation contains an error that can cause application crashes when interacting with the session feature. C(VE-2012-0788)

  • An error exists in the timezone handling such that repeated calls to the function ‘strtotime’ can allow a denial of service attack via memory consuption. (CVE-2012-0789)

Binary data 801116.prm

Related

nessus 44
openvas 79
freebsd 2
fedora 10
amazon 2
centos 5
oraclelinux 4
redhat 6
osv 1
debian 2
suse 3
securityvulns 1
seebug 7
checkpoint_advisories 3
packetstorm 2
veracode 9
prion 4
cve 5
ubuntu 1
f5 2
exploitpack 1
ubuntucve 5
exploitdb 1
nessus
nessus
PHP < 5.3.9 Multiple Vulnerabilities
2012-01-16 00:00:00
PHP < 5.3.9 Multiple Vulnerabilities
2012-01-13 00:00:00
CentOS 5 / 6 : php / php53 (CESA-2012:0019)
2012-01-12 00:00:00
openvas
openvas
PHP Version < 5.3.9 Multiple Vulnerabilities
2012-06-14 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-37)
2015-09-08 00:00:00
Fedora Update for maniadrive FEDORA-2012-0504
2012-04-02 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2011-12-29 00:00:00
php5 -- Denial of Service in php_date_parse_tzfile()
2010-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.1
2012-01-19 22:00:25
[SECURITY] Fedora 16 Update: php-5.3.9-1.fc16
2012-01-19 22:00:25
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.1
2012-01-19 22:00:25
amazon
amazon
Medium: php
2012-01-19 20:10:00
Critical: php
2012-02-02 16:10:00
centos
centos
php, php53 security update
2012-01-11 19:19:36
php security update
2012-01-30 20:44:11
php security update
2012-07-10 17:36:22
oraclelinux
oraclelinux
php53 and php security update
2012-01-11 00:00:00
php security update
2012-01-30 00:00:00
php security update
2012-06-27 00:00:00
redhat
redhat
(RHSA-2012:0019) Moderate: php53 and php security update
2012-01-11 00:00:00
(RHSA-2012:0071) Moderate: php security update
2012-01-30 00:00:00
(RHSA-2012:1046) Moderate: php security update
2012-06-27 00:00:00
osv
osv
php5 - several
2012-01-31 00:00:00
debian
debian
[SECURITY] [DSA 2399-1] php5 security update
2012-01-31 07:22:58
[SECURITY] [DSA 2399-2] php5 regression fix
2012-01-31 15:26:47
suse
suse
update for php5 (important)
2012-03-29 15:08:14
Security update for PHP5 (important)
2012-03-24 03:08:28
Security update for PHP5 (important)
2012-04-12 23:08:15
securityvulns
securityvulns
PHP security vulnerabilities
2012-02-08 00:00:00
seebug
seebug
PHP &quot;exif_process_IFD_TAG()&quot;远程整数溢出漏洞
2011-12-07 00:00:00
PHP Hashtables Denial of Service
2014-07-01 00:00:00
PHP Web表单哈希冲突拒绝服务漏洞
2012-01-01 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP5 Hash Collision Denial Of Service - Ver2 (CVE-2011-4885)
2014-03-03 00:00:00
PHP Exif Header Parsing Integer Overflow (CVE-2011-4566)
2012-08-27 00:00:00
PHP Exif Header Parsing Integer Overflow - Ver2 (CVE-2011-4566)
2015-03-26 00:00:00
packetstorm
packetstorm
PHP 5.3.x Hashtables Proof Of Concept
2012-01-01 00:00:00
PHP 5.3.x Hash Collision Proof Of Concept Code
2012-01-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:06:05
Denial Of Service (DoS)
2020-04-10 01:06:05
Denial Of Service (DoS)
2019-05-02 04:42:13
prion
prion
Code injection
2011-12-30 01:55:00
Memory corruption
2012-02-14 15:55:00
Code injection
2012-02-02 00:55:00
cve
cve
CVE-2012-0789
2012-02-14 15:55:00
CVE-2011-4885
2011-12-30 01:55:00
CVE-2012-0057
2012-02-02 00:55:00
ubuntu
ubuntu
PHP vulnerability
2011-12-14 00:00:00
f5
f5
SOL13588 - PHP vulnerability CVE-2011-4885
2012-05-17 00:00:00
K13588 : PHP vulnerability CVE-2011-4885
2013-09-11 00:00:00
exploitpack
exploitpack
PHP 5.3.8 - Hashtables Denial of Service
2012-01-01 00:00:00
ubuntucve
ubuntucve
CVE-2011-4885
2011-12-29 00:00:00
CVE-2012-0789
2012-02-14 00:00:00
CVE-2012-0057
2012-02-01 00:00:00
exploitdb
exploitdb
PHP 5.3.8 - Hashtables Denial of Service
2012-01-01 00:00:00
JSON
Related for 801116.PRM
nessus44openvas79freebsd2fedora10amazon2centos5oraclelinux4redhat6osv1debian2suse3securityvulns1seebug7checkpoint_advisories3packetstorm2veracode9prion4cve5ubuntu1f52exploitpack1ubuntucve5exploitdb1