Lucene search
SuseSUSE-SA:2004:021HistoryJul 16, 2004 - 12:43 p.m.
remote code execution in php4/mod_php4
2004-07-1612:43:18
lists.opensuse.org
151
0.961 High
EPSS
Percentile
99.3%
PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the “memory_limit” handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a problem within the “strip_tags” function has been found and fixed which allowed remote attackers to inject arbitrary tags into certain web browsers, issuing XSS related attacks. Since there is no easy workaround except disabling PHP, we recommend an update for users running the PHP interpreter within the apache web server.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.1 | x86_64 | php4-mysql | < 4.3.4-43.11 | php4-mysql-4.3.4-43.11.x86_64.rpm |
| openSUSE | 9.0 | i586 | mod_php4 | < 4.3.3-177 | mod_php4-4.3.3-177.i586.rpm |
| openSUSE | 8.2 | i586 | mod_php4-core | < 4.3.1-169 | mod_php4-core-4.3.1-169.i586.rpm |
| openSUSE | 9.0 | i586 | mod_php4-servlet | < 4.3.3-177 | mod_php4-servlet-4.3.3-177.i586.rpm |
| openSUSE | 9.1 | i586 | php4 | < 4.3.4-43.11 | php4-4.3.4-43.11.i586.rpm |
| openSUSE | 8.1 | i586 | mod_php4-servlet | < 4.2.2-479 | mod_php4-servlet-4.2.2-479.i586.rpm |
| openSUSE | 9.1 | i586 | php4-imap | < 4.3.4-43.11 | php4-imap-4.3.4-43.11.i586.rpm |
| openSUSE | 8.1 | i586 | mod_php4-core | < 4.2.2-479 | mod_php4-core-4.2.2-479.i586.rpm |
| openSUSE | 9.1 | i586 | php4-servlet | < 4.3.4-43.11 | php4-servlet-4.3.4-43.11.i586.rpm |
| openSUSE | 9.0 | x86_64 | mod_php4-servlet | < 4.3.3-177 | mod_php4-servlet-4.3.3-177.x86_64.rpm |
Related
nessus
nessus
RHEL 3 : php (RHSA-2004:392)
2004-07-20 00:00:00
PHP < 4.3.8 Multiple Vulnerabilities
2004-07-15 00:00:00
Debian DSA-531-1 : php4 - several vulnerabilities
2004-09-29 00:00:00
redhat
redhat
(RHSA-2004:392) php security update
2004-07-19 00:00:00
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:191) cadaver security update
2004-05-19 00:00:00
openvas
openvas
HP-UX Update for Apache HPSBUX01064
2009-05-05 00:00:00
HP-UX Update for Apache HPSBUX01064
2009-05-05 00:00:00
Debian Security Advisory DSA 531-1 (php4)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
securityvulns
securityvulns
[Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability
2004-07-14 00:00:00
SUSE Security Announcement: kernel (SuSE-SA:2004:017)
2004-06-18 00:00:00
Advisory 06/2004: libneon date parsing vulnerability
2004-05-19 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
cadaver heap-based buffer overflow
2004-05-20 00:00:00
neon heap-based buffer overflow
2004-05-20 00:00:00
osv
osv
php3 - several
2005-02-07 00:00:00
php4 - several vulnerabilities
2004-07-20 00:00:00
neon - buffer overflow
2004-05-19 00:00:00
suse
suse
remote system compromise in subversion
2004-06-17 09:42:39
remote system compromise in squid
2004-06-09 14:47:16
local denial-of-service attack in kernel
2004-06-16 14:13:55
debiancve
debiancve
CVE-2004-0398
2004-07-07 04:00:00
CVE-2004-0493
2004-08-06 04:00:00
ubuntucve
ubuntucve
cve
cve
freebsd
freebsd
neon date parsing vulnerability
2004-05-19 00:00:00
php -- strip_tags cross-site scripting vulnerability
2004-07-07 00:00:00
php -- memory_limit related vulnerability
2004-07-07 00:00:00
httpd
httpd
Apache Httpd < 2.0.50 : Header parsing memory leak
2004-06-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache 2.0.x Input Header Folding Denial of Service (CVE-2004-0493)
2009-12-13 00:00:00
packetstorm
packetstorm
mambo453.txt
2006-02-26 00:00:00
canvas
canvas
Immunity Canvas: PHP_LIMIT
2004-07-27 04:00:00
cert
cert
exploitpack
exploitpack
Mambo 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00
exploitdb
exploitdb
Mambo < 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00