Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2022 Tenable Network Security, Inc.PHP_4_4_8.NASL
HistoryJan 03, 2008 - 12:00 a.m.

PHP < 4.4.8 Multiple Vulnerabilities

2008-01-0300:00:00
This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.
www.tenable.com
89
JSON

According to its banner, the version of PHP installed on the remote host is older than 4.4.8. Such versions may be affected by several issues, including integer overflows involving the ‘chunk_split’, ‘strcspn’, and ‘strspn’ functions, and ‘safe_mode’ / ‘open_basedir’ bypasses.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(29833);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2007-3378",
    "CVE-2007-3799",
    "CVE-2007-3997",
    "CVE-2007-4657",
    "CVE-2007-4658",
    "CVE-2008-0145",
    "CVE-2008-2108"
  );
  script_bugtraq_id(24661, 49631);

  script_name(english:"PHP < 4.4.8 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple issues.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP installed on the remote
host is older than 4.4.8.  Such versions may be affected by several
issues, including integer overflows involving the 'chunk_split',
'strcspn', and 'strspn' functions, and 'safe_mode' / 'open_basedir'
bypasses.");
  script_set_attribute(attribute:"see_also", value:"http://www.php.net/releases/4_4_8.php");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 4.4.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 119, 189, 264);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

if (version =~ "^3\.|4\.[0-3]\." ||
    version =~ "^4\.4\.[0-7]($|[^0-9])"
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source     : '+source +
      '\n  Installed version  : '+version+
      '\n  Fixed version      : 4.4.8\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
VendorProductVersionCPE
phpphpcpe:/a:php:php

Related

openvas 66
nessus 46
oraclelinux 4
debian 4
osv 3
securityvulns 4
prion 9
ubuntucve 10
exploitpack 1
redhatcve 4
seebug 4
cve 9
veracode 3
freebsd 1
f5 4
exploitdb 1
ubuntu 3
fedora 4
redhat 10
centos 6
gentoo 2
suse 1
openvas
openvas
PHP < 4.4.8 Multiple Vulnerabilities
2012-06-21 00:00:00
PHP < 4.4.8 Multiple Vulnerabilities
2020-08-17 00:00:00
Slackware Advisory SSA:2008-045-03 php
2012-09-11 00:00:00
nessus
nessus
Slackware 10.2 / 11.0 : php (SSA:2008-045-03)
2008-02-18 00:00:00
Debian DSA-1444-2 : php5 - several vulnerabilities
2008-01-04 00:00:00
Debian DSA-1578-1 : php4 - several vulnerabilities
2008-05-19 00:00:00
oraclelinux
oraclelinux
Moderate: php security update
2007-09-20 00:00:00
Moderate: php security update
2007-09-26 00:00:00
php security update
2008-07-16 00:00:00
debian
debian
[SECURITY] [DSA 1444-2] New php5 packages fix regression
2008-01-23 21:29:45
[SECURITY] [DSA 1578-1] New php4 packages fix several vulnerabilities
2008-05-17 11:44:14
[SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities
2008-01-03 20:25:59
osv
osv
php5 several issues
2008-01-23 00:00:00
php4 - several vulnerabilities
2008-05-17 00:00:00
php5 - several vulnerabilities
2009-05-04 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2008-01-04 00:00:00
PHP safe mode protection bypass with htaccess
2007-11-26 00:00:00
[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability
2007-06-27 00:00:00
prion
prion
Design/Logic Flaw
2007-09-04 18:17:00
Design/Logic Flaw
2007-06-29 18:30:00
Format string
2007-09-04 22:17:00
ubuntucve
ubuntucve
CVE-2007-3997
2007-09-04 00:00:00
CVE-2007-3378
2007-06-29 00:00:00
CVE-2007-4658
2007-09-04 00:00:00
exploitpack
exploitpack
PHP 4.4.75.2.3 - MySQLMySQLi Safe_Mode Bypass
2007-09-10 00:00:00
redhatcve
redhatcve
CVE-2007-3997
2015-10-30 10:13:33
CVE-2007-3378
2015-10-30 10:14:33
CVE-2007-4657
2015-10-30 09:33:14
seebug
seebug
PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
2014-07-01 00:00:00
PHP &lt;= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
2007-09-10 00:00:00
PHP MySQL/MySQLi扩展绕过安全限制漏洞
2007-09-05 00:00:00
cve
cve
CVE-2007-3997
2007-09-04 18:17:00
CVE-2007-3378
2007-06-29 18:30:00
CVE-2007-4658
2007-09-04 22:17:00
veracode
veracode
Improper Session Handling
2020-04-10 00:18:57
Privilege Escalation
2020-04-10 00:18:59
Weak Random Number Generator
2020-04-10 00:22:38
freebsd
freebsd
php -- multiple vulnerabilities
2007-08-30 00:00:00
f5
f5
K31530542 : PHP vulnerabilities CVE-2007-1777, CVE-2007-3997, CVE-2007-4657, CVE-2008-3658, and CVE-2008-3659
2016-10-20 00:00:00
SOL31530542 - PHP vulnerabilities CVE-2007-1777, CVE-2007-3997, CVE-2007-4657, CVE-2008-3658, and CVE-2008-3659
2016-10-20 00:00:00
K13519 : Multiple PHP vulnerabilities
2013-09-20 00:00:00
exploitdb
exploitdb
PHP 4.4.7/5.2.3 - MySQL/MySQLi &#039;Safe_Mode&#039; Bypass
2007-09-10 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2007-11-29 00:00:00
PHP regression
2007-12-03 00:00:00
PHP vulnerabilities
2008-07-23 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.7.fc6
2007-09-24 20:33:40
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-07-26 06:03:23
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-06-20 19:09:41
redhat
redhat
(RHSA-2007:0917) Moderate: php security update
2007-10-23 00:00:00
(RHSA-2007:0890) Moderate: php security update
2007-09-20 00:00:00
(RHSA-2007:0891) Moderate: php security update
2007-10-25 00:00:00
centos
centos
php security update
2007-09-20 14:31:37
php security update
2007-09-26 09:03:28
php security update
2007-10-24 03:08:58
gentoo
gentoo
PHP: Multiple vulnerabilities
2007-10-07 00:00:00
PHP: Multiple vulnerabilities
2008-11-16 00:00:00
suse
suse
remote code execution in php4, php5
2008-01-29 14:18:48
JSON
Related for PHP_4_4_8.NASL
openvas66nessus46oraclelinux4debian4osv3securityvulns4prion9ubuntucve10exploitpack1redhatcve4seebug4cve9veracode3freebsd1f54exploitdb1ubuntu3fedora4redhat10centos6gentoo2suse1