Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-628.NASL
HistorySep 19, 2016 - 12:00 a.m.

Debian DLA-628-1 : php5 security update

2016-09-1900:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

  • CVE-2016-4473.patch An invalid free may occur under certain conditions when processing phar-compatible archives.

    • CVE-2016-4538.patch The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. (already fixed with patch for CVE-2016-4537)

    • CVE-2016-5114.patch sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.

    • CVE-2016-5399.patch Improper error handling in bzread()

    • CVE-2016-5768.patch Double free vulnerability in the
      _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.

    • CVE-2016-5769.patch Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

    • CVE-2016-5770.patch Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.

    • CVE-2016-5771.patch spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

    • CVE-2016-5772.patch Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

    • CVE-2016-5773.patch php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

    • CVE-2016-6289.patch Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.

    • CVE-2016-6290.patch ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.

    • CVE-2016-6291.patch The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.

    • CVE-2016-6292.patch The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.

    • CVE-2016-6294.patch The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

    • CVE-2016-6295.patch ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.

    • CVE-2016-6296.patch Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.

    • CVE-2016-6297.patch Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.

    • BUG-70436.patch Use After Free Vulnerability in unserialize()

    • BUG-72681.patch PHP Session Data Injection Vulnerability, consume data even if we’re not storing them.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-628-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93568);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2016-4473", "CVE-2016-4538", "CVE-2016-5114", "CVE-2016-5399", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297");

  script_name(english:"Debian DLA-628-1 : php5 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - CVE-2016-4473.patch An invalid free may occur under
    certain conditions when processing phar-compatible
    archives.

  - CVE-2016-4538.patch The bcpowmod function in
    ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before
    5.6.21, and 7.x before 7.0.6 accepts a negative integer
    for the scale argument, which allows remote attackers to
    cause a denial of service or possibly have unspecified
    other impact via a crafted call. (already fixed with
    patch for CVE-2016-4537)

  - CVE-2016-5114.patch sapi/fpm/fpm/fpm_log.c in PHP before
    5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2
    misinterprets the semantics of the snprintf return
    value, which allows attackers to obtain sensitive
    information from process memory or cause a denial of
    service (out-of-bounds read and buffer overflow) via a
    long string, as demonstrated by a long URI in a
    configuration with custom REQUEST_URI logging.

  - CVE-2016-5399.patch Improper error handling in bzread()

  - CVE-2016-5768.patch Double free vulnerability in the
    _php_mb_regex_ereg_replace_exec function in
    php_mbregex.c in the mbstring extension in PHP before
    5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows
    remote attackers to execute arbitrary code or cause a
    denial of service (application crash) by leveraging a
    callback exception.

  - CVE-2016-5769.patch Multiple integer overflows in
    mcrypt.c in the mcrypt extension in PHP before 5.5.37,
    5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote
    attackers to cause a denial of service (heap-based
    buffer overflow and application crash) or possibly have
    unspecified other impact via a crafted length value,
    related to the (1) mcrypt_generic and (2)
    mdecrypt_generic functions.

  - CVE-2016-5770.patch Integer overflow in the
    SplFileObject::fread function in spl_directory.c in the
    SPL extension in PHP before 5.5.37 and 5.6.x before
    5.6.23 allows remote attackers to cause a denial of
    service or possibly have unspecified other impact via a
    large integer argument, a related issue to
    CVE-2016-5096.

  - CVE-2016-5771.patch spl_array.c in the SPL extension in
    PHP before 5.5.37 and 5.6.x before 5.6.23 improperly
    interacts with the unserialize implementation and
    garbage collection, which allows remote attackers to
    execute arbitrary code or cause a denial of service
    (use-after-free and application crash) via crafted
    serialized data.

  - CVE-2016-5772.patch Double free vulnerability in the
    php_wddx_process_data function in wddx.c in the WDDX
    extension in PHP before 5.5.37, 5.6.x before 5.6.23, and
    7.x before 7.0.8 allows remote attackers to cause a
    denial of service (application crash) or possibly
    execute arbitrary code via crafted XML data that is
    mishandled in a wddx_deserialize call.

  - CVE-2016-5773.patch php_zip.c in the zip extension in
    PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before
    7.0.8 improperly interacts with the unserialize
    implementation and garbage collection, which allows
    remote attackers to execute arbitrary code or cause a
    denial of service (use-after-free and application crash)
    via crafted serialized data containing a ZipArchive
    object.

  - CVE-2016-6289.patch Integer overflow in the
    virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in
    PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before
    7.0.9 allows remote attackers to cause a denial of
    service (stack-based buffer overflow) or possibly have
    unspecified other impact via a crafted extract operation
    on a ZIP archive.

  - CVE-2016-6290.patch ext/session/session.c in PHP before
    5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does
    not properly maintain a certain hash data structure,
    which allows remote attackers to cause a denial of
    service (use-after-free) or possibly have unspecified
    other impact via vectors related to session
    deserialization.

  - CVE-2016-6291.patch The exif_process_IFD_in_MAKERNOTE
    function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x
    before 5.6.24, and 7.x before 7.0.9 allows remote
    attackers to cause a denial of service (out-of-bounds
    array access and memory corruption), obtain sensitive
    information from process memory, or possibly have
    unspecified other impact via a crafted JPEG image.

  - CVE-2016-6292.patch The exif_process_user_comment
    function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x
    before 5.6.24, and 7.x before 7.0.9 allows remote
    attackers to cause a denial of service (NULL pointer
    dereference and application crash) via a crafted JPEG
    image.

  - CVE-2016-6294.patch The locale_accept_from_http function
    in ext/intl/locale/locale_methods.c in PHP before
    5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does
    not properly restrict calls to the ICU
    uloc_acceptLanguageFromHTTP function, which allows
    remote attackers to cause a denial of service
    (out-of-bounds read) or possibly have unspecified other
    impact via a call with a long argument.

  - CVE-2016-6295.patch ext/snmp/snmp.c in PHP before
    5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9
    improperly interacts with the unserialize implementation
    and garbage collection, which allows remote attackers to
    cause a denial of service (use-after-free and
    application crash) or possibly have unspecified other
    impact via crafted serialized data, a related issue to
    CVE-2016-5773.

  - CVE-2016-6296.patch Integer signedness error in the
    simplestring_addn function in simplestring.c in
    xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38,
    5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote
    attackers to cause a denial of service (heap-based
    buffer overflow) or possibly have unspecified other
    impact via a long first argument to the PHP
    xmlrpc_encode_request function.

  - CVE-2016-6297.patch Integer overflow in the
    php_stream_zip_opener function in ext/zip/zip_stream.c
    in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x
    before 7.0.9 allows remote attackers to cause a denial
    of service (stack-based buffer overflow) or possibly
    have unspecified other impact via a crafted zip:// URL.

  - BUG-70436.patch Use After Free Vulnerability in
    unserialize()

  - BUG-72681.patch PHP Session Data Injection
    Vulnerability, consume data even if we're not storing
    them.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2016/09/msg00021.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/php5"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libphp5-embed");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-interbase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-sybase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php5-xsl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"libapache2-mod-php5", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libapache2-mod-php5filter", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"libphp5-embed", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php-pear", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-cgi", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-cli", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-common", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-curl", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-dbg", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-dev", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-enchant", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-fpm", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-gd", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-gmp", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-imap", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-interbase", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-intl", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-ldap", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-mcrypt", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-mysql", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-mysqlnd", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-odbc", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-pgsql", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-pspell", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-recode", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-snmp", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-sqlite", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-sybase", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-tidy", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-xmlrpc", reference:"5.4.45-0+deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"php5-xsl", reference:"5.4.45-0+deb7u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlibapache2-mod-php5p-cpe:/a:debian:debian_linux:libapache2-mod-php5
debiandebian_linuxlibapache2-mod-php5filterp-cpe:/a:debian:debian_linux:libapache2-mod-php5filter
debiandebian_linuxlibphp5-embedp-cpe:/a:debian:debian_linux:libphp5-embed
debiandebian_linuxphp-pearp-cpe:/a:debian:debian_linux:php-pear
debiandebian_linuxphp5p-cpe:/a:debian:debian_linux:php5
debiandebian_linuxphp5-cgip-cpe:/a:debian:debian_linux:php5-cgi
debiandebian_linuxphp5-clip-cpe:/a:debian:debian_linux:php5-cli
debiandebian_linuxphp5-commonp-cpe:/a:debian:debian_linux:php5-common
debiandebian_linuxphp5-curlp-cpe:/a:debian:debian_linux:php5-curl
debiandebian_linuxphp5-dbgp-cpe:/a:debian:debian_linux:php5-dbg
Rows per page:
1-10 of 331

References

Related

osv 3
openvas 37
debian 4
f5 11
mageia 2
nessus 49
freebsd 2
ubuntu 2
cloudfoundry 1
slackware 1
suse 8
fedora 4
amazon 1
debiancve 8
ibm 3
redhatcve 7
cve 10
threatpost 1
prion 9
ubuntucve 12
thn 1
redhat 1
centos 1
oraclelinux 1
veracode 17
myhack58 1
checkpoint_advisories 1
packetstorm 1
osv
osv
php5 - security update
2016-09-18 00:00:00
xmlrpc-epi - security update
2016-07-29 00:00:00
CVE-2016-5399
2017-04-21 20:59:00
openvas
openvas
Debian: Security Advisory (DLA-628-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2016-0267)
2022-01-28 00:00:00
Debian Security Advisory DSA 3631-1 (php5 - security update)
2016-08-02 00:00:00
debian
debian
[SECURITY] [DLA 628-1] php5 security update
2016-09-18 15:12:08
[SECURITY] [DSA 3631-1] php5 security update
2016-07-26 20:46:29
[SECURITY] [DSA 3618-1] php5 security update
2016-07-14 19:50:00
f5
f5
K35799130 : Multiple PHP vulnerabilities
2016-10-11 00:00:00
SOL35799130 - Multiple PHP vulnerabilities
2016-10-11 00:00:00
K63914421 : PHP vulnerability CVE-2016-5770
2016-12-08 00:00:00
mageia
mageia
Updated php/xmlrpc-epi/timezone packages fix security vulnerability
2016-07-27 00:59:16
Updated php packages fix security vulnerability
2016-07-05 18:47:08
nessus
nessus
Debian DSA-3631-1 : php5 - security update (httpoxy)
2016-07-27 00:00:00
Debian DSA-3618-1 : php5 - security update
2016-07-15 00:00:00
FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)
2016-07-27 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2016-07-21 00:00:00
php -- multiple vulnerabilities
2016-06-23 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2016-08-02 00:00:00
xmlrpc-epi vulnerability
2016-08-10 00:00:00
cloudfoundry
cloudfoundry
USN-3045-1 PHP vulnerabilities | Cloud Foundry
2016-09-09 00:00:00
slackware
slackware
[slackware-security] php
2016-06-24 23:46:10
suse
suse
Security update for php5 (important)
2016-08-16 13:10:01
Security update for php5 (important)
2016-07-07 18:08:23
Security update for php5 (important)
2016-10-04 17:11:09
fedora
fedora
[SECURITY] Fedora 24 Update: php-5.6.23-1.fc24
2016-07-02 15:45:25
[SECURITY] Fedora 23 Update: php-5.6.23-1.fc23
2016-07-02 19:34:49
[SECURITY] Fedora 22 Update: php-5.6.23-1.fc22
2016-07-02 19:28:47
amazon
amazon
Medium: php55, php56
2016-08-01 13:30:00
debiancve
debiancve
CVE-2016-6295
2016-07-25 14:59:00
CVE-2016-5770
2016-08-07 10:59:00
CVE-2016-5769
2016-08-07 10:59:00
ibm
ibm
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
2018-06-16 20:06:28
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities
2018-06-18 01:33:37
Security Bulletin: Vulnerabilities in PHP affect PowerKVM
2018-06-18 01:34:16
redhatcve
redhatcve
CVE-2016-6295
2016-07-25 14:19:51
CVE-2016-6297
2016-07-25 14:19:55
CVE-2016-6294
2016-07-25 13:48:29
cve
cve
CVE-2016-6295
2016-07-25 14:59:00
CVE-2016-5770
2016-08-07 10:59:00
CVE-2016-6297
2016-07-25 14:59:00
threatpost
threatpost
Pornhub Hack Earns Researchers $22,000
2016-07-25 13:01:30
prion
prion
Design/Logic Flaw
2016-07-25 14:59:00
Integer overflow
2016-08-07 10:59:00
Out-of-bounds
2016-07-25 14:59:00
ubuntucve
ubuntucve
CVE-2016-6295
2016-07-25 00:00:00
CVE-2016-5770
2016-08-07 00:00:00
CVE-2016-4538
2016-05-06 00:00:00
thn
thn
PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website
2016-07-24 20:25:00
redhat
redhat
(RHSA-2016:2598) Moderate: php security and bug fix update
2016-11-03 06:07:16
centos
centos
php security update
2016-11-25 15:41:35
oraclelinux
oraclelinux
php security and bug fix update
2016-11-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:02:21
Denial Of Service (DoS)
2019-05-02 06:02:17
Denial Of Service (DoS)
2019-05-02 06:02:19
myhack58
myhack58
PHP garbage collection mechanism UAF vulnerability analysis-vulnerability warning-the black bar safety net
2016-12-19 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Exif_Process_User_Comment Null Pointer Dereference (CVE-2016-6292)
2016-08-21 00:00:00
packetstorm
packetstorm
PHP 7.0.8 / 5.6.23 / 5.5.37 bzread() OOB Write
2016-07-21 00:00:00
JSON
Related for DEBIAN_DLA-628.NASL
osv3openvas37debian4f511mageia2nessus49freebsd2ubuntu2cloudfoundry1slackware1suse8fedora4amazon1debiancve8ibm3redhatcve7cve10threatpost1prion9ubuntucve12thn1redhat1centos1oraclelinux1veracode17myhack581checkpoint_advisories1packetstorm1