Lucene search

K
osvGoogleOSV:DSA-2742-1
HistoryAug 26, 2013 - 12:00 a.m.

php5 - interpretation conflict

2013-08-2600:00:00
Google
osv.dev
7

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

It was discovered that PHP, a general-purpose scripting language
commonly used for web application development, did not properly
process embedded NUL characters in the subjectAltName extension of
X.509 certificates. Depending on the application and with
insufficient CA-level checks, this could be abused for impersonating
other users.

For the oldstable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze17.

For the stable distribution (wheezy), this problem has been fixed in
version 5.4.4-14+deb7u4.

For the unstable distribution (sid), this problem has been fixed in
version 5.5.3+dfsg-1.

We recommend that you upgrade your php5 packages.

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for OSV:DSA-2742-1