Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.PHP_5_5_14.NASL
HistoryJun 27, 2014 - 12:00 a.m.

PHP 5.5.x < 5.5.14 Multiple Vulnerabilities

2014-06-2700:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
85
JSON

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities :

  • Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions ‘cdf_read_short_sector’, ‘cdf_check_stream_offset’, ‘cdf_count_chain’, and ‘cdf_read_property_info’. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

  • A pascal string size handling error exists related to the Fileinfo extension and the function ‘mconvert’.
    (CVE-2014-3478)

  • A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function ‘unserialize’. (CVE-2014-3515)

  • An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)

  • A heap-based buffer overflow error exists related to the function ‘dns_get_record’ that could allow execution of arbitrary code. (CVE-2014-4049)

  • A type-confusion error exists related to the function ‘php_print_info’ that could allow disclosure of sensitive information. (CVE-2014-4721)

  • An error exists related to unserialization and ‘SplFileObject’ handling that could allow denial of service attacks. (Bug #67072)

  • A double free error exists related to the Intl extension and the method ‘Locale::parseLocale’ having unspecified impact. (Bug #67349)

  • A buffer overflow error exists related to the Intl extension and the functions ‘locale_get_display_name’ and ‘uloc_getDisplayName’ having unspecified impact.
    (Bug #67397)

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76282);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2014-0207",
    "CVE-2014-3478",
    "CVE-2014-3479",
    "CVE-2014-3480",
    "CVE-2014-3487",
    "CVE-2014-3515",
    "CVE-2014-3981",
    "CVE-2014-4049",
    "CVE-2014-4721"
  );
  script_bugtraq_id(
    67837,
    68007,
    68120,
    68237,
    68238,
    68239,
    68241,
    68243,
    68423,
    68550
  );

  script_name(english:"PHP 5.5.x < 5.5.14 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is running a version of PHP that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP 5.5.x installed on the
remote host is a version prior to 5.5.14. It is, therefore, affected
by the following vulnerabilities :

  - Boundary checking errors exist related to the
    Fileinfo extension, Composite Document Format (CDF)
    handling and the functions 'cdf_read_short_sector',
    'cdf_check_stream_offset', 'cdf_count_chain', and
    'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479,
    CVE-2014-3480, CVE-2014-3487)

  - A pascal string size handling error exists related to
    the Fileinfo extension and the function 'mconvert'.
    (CVE-2014-3478)

  - A type-confusion error exists related to the Standard
    PHP Library (SPL) extension and the function
    'unserialize'. (CVE-2014-3515)

  - An error exists related to configuration scripts and
    temporary file handling that could allow insecure file
    usage. (CVE-2014-3981)

  - A heap-based buffer overflow error exists related to the
    function 'dns_get_record' that could allow execution of
    arbitrary code. (CVE-2014-4049)

  - A type-confusion error exists related to the function
    'php_print_info' that could allow disclosure of
    sensitive information. (CVE-2014-4721)

  - An error exists related to unserialization and
    'SplFileObject' handling that could allow denial of
    service attacks. (Bug #67072)

  - A double free error exists related to the Intl
    extension and the method 'Locale::parseLocale' having
    unspecified impact. (Bug #67349)

  - A buffer overflow error exists related to the Intl
    extension and the functions 'locale_get_display_name'
    and 'uloc_getDisplayName' having unspecified impact.
    (Bug #67397)

Note that Nessus has not attempted to exploit these issues, but has
instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://www.php.net/ChangeLog-5.php#5.5.14");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67072");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67326");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67349");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67390");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67397");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67410");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67411");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67412");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67413");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67432");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67492");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=67498");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/oss-sec/2014/q3/29");
  script_set_attribute(attribute:"see_also", value:"https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.5.14 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3515");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);
php = get_php_from_kb(port:port, exit_on_fail:TRUE);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Check that it is the correct version of PHP
if (version =~ "^5(\.5)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
if (version !~ "^5\.5\.") audit(AUDIT_NOT_DETECT, "PHP version 5.5.x", port);

if (version =~ "^5\.5\.([0-9]|1[0-3])($|[^0-9])")
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : '+source +
      '\n  Installed version : '+version+
      '\n  Fixed version     : 5.5.14\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
VendorProductVersionCPE
phpphpcpe:/a:php:php

References

Related

nessus 48
f5 4
openvas 45
slackware 1
amazon 4
mageia 3
osv 6
debian 10
ubuntu 2
securityvulns 4
fedora 3
oraclelinux 4
redhat 6
centos 4
ibm 3
freebsd 1
veracode 11
ubuntucve 10
prion 10
cve 10
kaspersky 1
debiancve 5
checkpoint_advisories 2
hackerone 1
suse 1
nessus
nessus
PHP 5.4.x < 5.4.30 Multiple Vulnerabilities
2014-06-27 00:00:00
PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities
2014-07-02 00:00:00
Amazon Linux AMI : php55 (ALAS-2014-372)
2014-10-12 00:00:00
f5
f5
SOL15498 - Multiple PHP vulnerabilities
2014-08-12 00:00:00
K15498 : Multiple PHP vulnerabilities
2014-08-12 00:00:00
K17313 : PHP vulnerability CVE-2014-4721
2015-10-06 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-192-01)
2022-04-21 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-367)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0284)
2022-01-28 00:00:00
slackware
slackware
[slackware-security] php
2014-07-12 03:48:04
amazon
amazon
Medium: php54
2014-07-09 16:24:00
Medium: php55
2014-07-09 16:42:00
Medium: file
2014-07-23 13:57:00
mageia
mageia
Updated php packages fix multiple vulnerabilities
2014-07-09 02:30:04
Updated php packages fix multiple vulnerabilities
2014-07-09 02:29:20
Updated file packages fix security vulnerabilities
2014-07-04 22:26:27
osv
osv
php5 - security update
2014-07-08 00:00:00
php5 - security update
2014-07-23 00:00:00
file - security update
2014-07-31 00:00:00
debian
debian
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[DLA-0018-1] php5 security update
2014-07-23 19:10:58
ubuntu
ubuntu
PHP vulnerabilities
2014-07-09 00:00:00
file vulnerabilities
2014-07-15 00:00:00
securityvulns
securityvulns
[USN-2276-1] PHP vulnerabilities
2014-07-14 00:00:00
file / PHP multiple security vulnerabilities
2014-07-14 00:00:00
PHP security vulnerabilities
2014-06-17 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20
2014-06-30 10:25:38
[SECURITY] Fedora 19 Update: php-5.5.14-1.fc19
2014-07-08 00:57:33
[SECURITY] Fedora 20 Update: file-5.19-1.fc20
2014-07-05 14:54:09
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
php53 and php security update
2014-08-06 00:00:00
file security and bug fix update
2015-11-23 00:00:00
redhat
redhat
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
(RHSA-2014:1766) Important: php55-php security update
2014-10-30 00:00:00
centos
centos
php security update
2014-08-06 14:38:20
php, php53 security update
2014-08-06 14:53:37
file, python security update
2015-11-30 19:28:42
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PHP as used by IBM QRadar Incident Forensics 7.2 MR2. (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721)
2018-06-16 21:19:23
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manager (FSM): (CVE-2014-3597, CVE-2014-4721 and CVE-2014-5459)
2019-01-31 01:45:01
freebsd
freebsd
PHP multiple vulnerabilities
2014-08-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:16
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:17
ubuntucve
ubuntucve
CVE-2014-4721
2014-07-06 00:00:00
CVE-2014-3981
2014-06-08 00:00:00
CVE-2014-3478
2014-07-09 00:00:00
prion
prion
Type confusion
2014-07-06 23:55:00
Design/Logic Flaw
2014-07-09 11:07:00
Command injection
2014-07-09 11:07:00
cve
cve
CVE-2014-4721
2014-07-06 23:55:00
CVE-2014-3487
2014-07-09 11:07:00
CVE-2014-3981
2014-06-08 18:55:00
kaspersky
kaspersky
KLA10289 OSI vulnerability in PHP
2014-07-06 00:00:00
debiancve
debiancve
CVE-2014-3479
2014-07-09 11:07:00
CVE-2014-3487
2014-07-09 11:07:00
CVE-2014-3478
2014-07-09 11:07:00
checkpoint_advisories
checkpoint_advisories
PHP php_parserr DNS_TXT Heap Buffer Overflow (CVE-2014-4049)
2014-07-16 00:00:00
PHP unserialize Call SPL ArrayObject and SPLObjectStorage Memory Corruption (CVE-2014-3515)
2014-09-21 00:00:00
hackerone
hackerone
Internet Bug Bounty: SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
2014-06-20 00:00:00
suse
suse
Security update for PHP5 (important)
2014-07-04 00:04:20
JSON
Related for PHP_5_5_14.NASL
nessus48f54openvas45slackware1amazon4mageia3osv6debian10ubuntu2securityvulns4fedora3oraclelinux4redhat6centos4ibm3freebsd1veracode11ubuntucve10prion10cve10kaspersky1debiancve5checkpoint_advisories2hackerone1suse1