MiracleLinux 4 : php-5.3.3-46.AXS4 (AXSA:2015-184:01)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

PHP package on MiracleLinux 4 is affected by multiple vulnerabilities per advisory 2015.

Reporter	Title	Published	Views	Family All 909
0day.today	PHP DateTime Use After Free Vulnerability	23 Feb 201500:00	–	zdt
0day.today	Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabiliti	22 Sep 201600:00	–	zdt
FreeBSD	Several vulnerabilities found in PHP	16 Apr 201500:00	–	freebsd
FreeBSD	php -- multiple vulnerabilities	14 May 201500:00	–	freebsd
FreeBSD	Several vulnerabilities found in PHP	19 Mar 201500:00	–	freebsd
FreeBSD	php5 -- multiple vulnerabilities	18 Feb 201500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues	16 Jun 201819:50	–	ibm
IBM Security Bulletins	Security Bulletin: 2	2 Nov 202020:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php	2 Nov 202020:22	–	ibm

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/5529
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2015-184:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289255);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id(
    "CVE-2014-9425",
    "CVE-2014-9705",
    "CVE-2014-9709",
    "CVE-2015-0231",
    "CVE-2015-0232",
    "CVE-2015-0273",
    "CVE-2015-2301",
    "CVE-2015-2783",
    "CVE-2015-2787",
    "CVE-2015-3307",
    "CVE-2015-3329",
    "CVE-2015-3411",
    "CVE-2015-3412",
    "CVE-2015-4021",
    "CVE-2015-4022",
    "CVE-2015-4024",
    "CVE-2015-4026",
    "CVE-2015-4147",
    "CVE-2015-4148",
    "CVE-2015-4598",
    "CVE-2015-4599",
    "CVE-2015-4600"
  );
  script_xref(name:"IAVB", value:"2016-B-0054-S");

  script_name(english:"MiracleLinux 4 : php-5.3.3-46.AXS4 (AXSA:2015-184:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2015-184:01 advisory.

    PHP is an HTML-embedded scripting language. PHP attempts to make it
    easy for developers to write dynamically generated webpages. PHP also
    offers built-in database integration for several commercial and
    non-commercial database management systems, so writing a
    database-enabled webpage with PHP is fairly simple. The most common
    use of PHP coding is probably as a replacement for CGI scripts.
    The php package contains the module which adds support for the PHP
    language to Apache HTTP Server.
    Security issues fixed with this release:
    CVE-2014-9425
    CVE-2014-9705
    CVE-2014-9709
    CVE-2015-0232
    CVE-2015-0273
    CVE-2015-2301
    CVE-2015-2783
    CVE-2015-2787
    CVE-2015-3307
    CVE-2015-3329
    CVE-2015-3411
    CVE-2015-3412
    CVE-2015-4021
    CVE-2015-4022
    CVE-2015-4024
    CVE-2015-4026
    CVE-2015-4147
    CVE-2015-4148
    CVE-2015-4598
    CVE-2015-4599
    CVE-2015-4600
    CVE-2015-4601
    CVE-2015-4602
    CVE-2015-4603

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/5529");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4600");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'php-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-bcmath-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-bcmath-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-cli-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-cli-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-common-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-common-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gd-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gd-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ldap-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ldap-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mbstring-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mbstring-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mysql-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mysql-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-odbc-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-odbc-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pdo-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pdo-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pgsql-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pgsql-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-soap-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-soap-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xml-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xml-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xmlrpc-5.3.3-46.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xmlrpc-5.3.3-46.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-gd / php-ldap / etc');
}

16 Jan 2026 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 210

CVSS 39.8

EPSS0.87334