196 matches found
RHEL 9 : php (RHSA-2023:5926)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5926 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity witho...
Amazon Linux 2 : php (ALASPHP8.0-2023-009)
The version of php installed on the remote host is prior to 8.0.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-009 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...
Amazon Linux 2 : php (ALASPHP8.1-2023-004)
The version of php installed on the remote host is prior to 8.1.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-004 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...
Medium: php8.1
Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...
SUSE-SU-2023:2980-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349)...
Updated php packages fix security vulnerability
Fixed SOAP bug GHSA-76gg-c692-v2mw Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. CVE-2023-3247...
MGASA-2023-0234 Updated php packages fix security vulnerability
Fixed SOAP bug GHSA-76gg-c692-v2mw Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. CVE-2023-3247...
SUSE SLES12 Security Update : php74 (SUSE-SU-2023:2848-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2848-1 advisory. - The vulnerability exists due to a missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. A remote...
SUSE-SU-2023:2848-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:2828-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2828-1 advisory. - The vulnerability exists due to a missing error check and insufficient random bytes in HTTP Digest...
CVE-2023-3247
A vulnerability was found in PHP in which weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing a remote authenticated attacker to cause a stack information leak...
CVE-2023-33274
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...
CVE-2023-33274
CVE-2023-33274 affects PowerShield SNMP Web Pro 1.1. The vulnerability is in the authentication mechanism, allowing unauthenticated users to directly access CGI scripts due to a lack of proper cookie verification. It affects all instances where HTTP Digest authentication is not enabled, regardles...
PT-2023-24259 · Unknown · Powershield Snmp Web Pro
Name of the Vulnerable Software and Affected Versions: PowerShield SNMP Web Pro version 1.1. Description: The authentication mechanism contains an issue that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This...
SUSE-SU-2023:2610-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349)...
Debian: Security Advisory (DSA-5425-1)
The remote host is missing an update for the Debian...
PHP < 8.0.29, 8.1.x < 8.1.20, 8.2.x < 8.2.7 Security Update - Windows
PHP is prone to a missing error check and insufficient random bytes in HTTP Digest authentication for SOAP vulnerability.
Improper Access Control in Apache Tomcat
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easi...
GHSA-99RF-92V6-CWX4 Improper Access Control in Apache Tomcat
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easi...