Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:0311
HistoryMar 18, 2014 - 12:00 a.m.

(RHSA-2014:0311) Critical: php security update

2014-03-1800:00:00
access.redhat.com
21

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.5%

JSON

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed floating point
numbers from their text representation. If a PHP application converted
untrusted input strings to numbers, an attacker able to provide such input
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the application. (CVE-2009-0689)

It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

Related

oraclelinux 3
openvas 44
centos 3
nessus 51
ubuntucve 5
veracode 2
cve 6
seebug 14
freebsd 4
securityvulns 11
prion 4
redhat 3
packetstorm 13
opera 1
debiancve 1
osv 4
mageia 1
fedora 3
threatpost 1
debian 6
chrome 1
ubuntu 1
exploitpack 5
mozilla 1
thn 1
redhatcve 1
exploitdb 5
hackerone 1
suse 1
f5 2
oraclelinux
oraclelinux
php security update
2014-03-18 00:00:00
kdelibs security update
2009-11-24 00:00:00
php security, bug fix, and enhancement update
2013-11-25 00:00:00
openvas
openvas
RedHat Update for php RHSA-2014:0311-01
2014-03-20 00:00:00
RedHat Update for php RHSA-2014:0311-01
2014-03-20 00:00:00
CentOS Update for php CESA-2014:0311 centos5
2014-03-20 00:00:00
centos
centos
php security update
2014-03-19 01:15:26
kdelibs security update
2009-11-25 14:52:10
php security update
2013-11-26 13:32:36
nessus
nessus
Scientific Linux Security Update : php on SL5.x i386/x86_64 (20140318)
2014-03-20 00:00:00
CentOS 5 : php (CESA-2014:0311)
2014-03-19 00:00:00
RHEL 5 : php (RHSA-2014:0311)
2014-03-19 00:00:00
ubuntucve
ubuntucve
CVE-2006-7243
2011-01-18 00:00:00
CVE-2015-4025
2015-06-09 00:00:00
CVE-2015-2348
2015-03-30 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:51:41
Denial Of Service (DoS)
2019-01-15 08:58:49
cve
cve
CVE-2006-7243
2011-01-18 20:00:00
CVE-2009-0689
2009-07-01 13:00:00
CVE-2015-4026
2015-06-09 18:59:00
seebug
seebug
PHP空字符安全限制绕过漏洞(CVE-2006-7243)
2012-04-12 00:00:00
多个BSD系统gdtoa/misc.c文件内存破坏漏洞
2009-06-30 00:00:00
Sun Solaris多个libc库数字转换函数缓冲区溢出漏洞
2010-05-25 00:00:00
freebsd
freebsd
php -- NULL byte poisoning
2010-12-10 00:00:00
mono -- DoS and code execution
2015-12-19 00:00:00
opera -- multiple vulnerabilities
2009-11-23 00:00:00
securityvulns
securityvulns
Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)
2009-12-15 00:00:00
Sun Solaris 10 libc/*convert (*cvt) buffer overflow
2010-05-27 00:00:00
Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)
2009-12-15 00:00:00
prion
prion
Heap overflow
2009-07-01 13:00:00
Design/Logic Flaw
2015-06-09 18:59:00
Code injection
2015-06-09 18:59:00
redhat
redhat
(RHSA-2009:1601) Critical: kdelibs security update
2009-11-24 00:00:00
(RHSA-2014:0312) Critical: php security update
2014-03-18 00:00:00
(RHSA-2013:1615) Moderate: php security, bug fix, and enhancement update
2013-11-21 00:00:00
packetstorm
packetstorm
Flock 2.5.2 Remote Array Overrun
2009-12-12 00:00:00
J 6.02.023 Array Overrun
2010-01-09 00:00:00
Matlab R2009b Array Overrun
2010-01-09 00:00:00
opera
opera
Heap buffer overflow in string to number conversion
2009-11-20 00:00:00
debiancve
debiancve
CVE-2009-0689
2009-07-01 13:00:00
osv
osv
mono - security update
2018-11-01 00:00:00
mono - security update
2015-12-30 00:00:00
kdelibs - arbitrary code execution
2010-02-17 00:00:00
mageia
mageia
Updated mono packages fix security vulnerability
2016-01-14 04:44:39
fedora
fedora
[SECURITY] Fedora 23 Update: mono-4.0.5-2.fc23
2015-12-29 22:26:22
[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22
2015-05-26 03:40:42
[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21
2015-05-27 16:13:20
threatpost
threatpost
'High Risk' Flaw Fixed in Google Chrome
2009-10-06 22:32:02
debian
debian
[SECURITY] [DLA 376-1] mono security update
2015-12-30 11:29:31
[SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution
2010-02-17 18:25:18
[Backports-security-announce] Security Update for nsrp
2010-07-21 08:26:53
chrome
chrome
Stable Channel Update
2009-09-30 00:00:00
ubuntu
ubuntu
KDE vulnerabilities
2009-12-11 00:00:00
exploitpack
exploitpack
Sunbird 0.9 - Array Overrun Code Execution
2009-12-11 00:00:00
Opera 10.01 - Remote Array Overrun
2009-11-19 00:00:00
SeaMonkey 1.1.8 - Remote Array Overrun
2009-11-19 00:00:00
mozilla
mozilla
Heap buffer overflow in string to number conversion — Mozilla
2009-10-27 00:00:00
thn
thn
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
2015-03-01 00:50:00
redhatcve
redhatcve
CVE-2019-11044
2020-03-28 20:00:41
exploitdb
exploitdb
Sunbird 0.9 - Array Overrun Code Execution
2009-12-11 00:00:00
K-Meleon 1.5.3 - Remote Array Overrun
2009-11-19 00:00:00
KDE KDELibs 4.3.3 - Remote Array Overrun
2009-11-19 00:00:00
hackerone
hackerone
Ruby: Ruby: Heap Overflow in Floating Point Parsing
2013-11-22 00:00:00
suse
suse
Security update for ruby (critical)
2013-12-05 18:04:15
f5
f5
K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.5%

JSON
Related for RHSA-2014:0311
oraclelinux3openvas44centos3nessus51ubuntucve5veracode2cve6seebug14freebsd4securityvulns11prion4redhat3packetstorm13opera1debiancve1osv4mageia1fedora3threatpost1debian6chrome1ubuntu1exploitpack5mozilla1thn1redhatcve1exploitdb5hackerone1suse1f52