Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5300-3
HistoryMar 07, 2022 - 12:00 a.m.

PHP vulnerabilities

2022-03-0700:00:00
ubuntu.com
114
php
ubuntu 21.10
vulnerabilities
denial of service
sensitive information
xml parsing

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

Low

EPSS

0.009

Percentile

83.1%

JSON

Releases

  • Ubuntu 21.10

Packages

  • php8.0 - HTML-embedded scripting language interpreter

Details

USN-5300-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 21.10.

Original advisory details:

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)

Related

openvas 48
ubuntu 5
osv 12
nessus 49
suse 10
cvelist 6
nvd 6
veracode 5
ubuntucve 6
prion 6
debiancve 6
f5 1
alpinelinux 2
cve 6
attackerkb 1
redhatcve 5
mageia 2
cbl_mariner 4
fedora 3
altlinux 4
checkpoint_advisories 1
ibm 4
debian 2
oraclelinux 1
rocky 1
redhat 2
almalinux 1
openvas
openvas
Ubuntu: Security Advisory (USN-5300-3)
2022-03-08 00:00:00
Ubuntu: Security Advisory (USN-5300-1)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5300-2)
2022-03-04 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2022-02-22 00:00:00
PHP vulnerabilities
2022-03-03 00:00:00
PHP vulnerabilities
2018-09-18 00:00:00
osv
osv
php7.2, php7.4 vulnerabilities
2022-03-03 13:58:39
php7.0 vulnerabilities
2022-02-22 20:26:05
CVE-2017-9119
2017-05-21 19:29:00
nessus
nessus
Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5300-1)
2022-02-23 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-5300-2)
2022-03-03 00:00:00
EulerOS 2.0 SP8 : php (EulerOS-SA-2022-2477)
2022-10-09 00:00:00
suse
suse
Security update for php7 (moderate)
2022-03-02 00:00:00
Security update for php7 (moderate)
2022-03-04 00:00:00
Security update for php7 (moderate)
2018-09-07 15:10:36
cvelist
cvelist
CVE-2015-9253
2018-02-19 19:00:00
CVE-2017-9119
2017-05-21 19:00:00
CVE-2017-9120
2018-08-02 15:00:00
nvd
nvd
CVE-2017-9119
2017-05-21 19:29:00
CVE-2015-9253
2018-02-19 19:29:00
CVE-2017-9120
2018-08-02 15:29:00
veracode
veracode
Denial Of Service (DoS)
2022-03-08 17:03:01
Denial Of Service (DoS)
2019-08-20 00:10:40
XML External Entity (XXE)
2021-11-21 10:33:56
ubuntucve
ubuntucve
CVE-2015-9253
2018-02-19 00:00:00
CVE-2017-9119
2017-05-21 00:00:00
CVE-2017-9120
2018-08-02 00:00:00
prion
prion
Code injection
2018-02-19 19:29:00
Integer overflow
2018-08-02 15:29:00
Design/Logic Flaw
2017-05-21 19:29:00
debiancve
debiancve
CVE-2015-9253
2018-02-19 19:29:00
CVE-2017-9120
2018-08-02 15:29:00
CVE-2017-9119
2017-05-21 19:29:00
f5
f5
K51753557 : PHP vulnerability CVE-2015-9253
2018-05-07 00:00:00
alpinelinux
alpinelinux
CVE-2015-9253
2018-02-19 19:29:00
CVE-2021-21707
2021-11-29 07:15:06
cve
cve
CVE-2015-9253
2018-02-19 19:29:00
CVE-2017-9119
2017-05-21 19:29:00
CVE-2017-9120
2018-08-02 15:29:00
attackerkb
attackerkb
CVE-2017-9120
2018-08-02 00:00:00
redhatcve
redhatcve
CVE-2017-9119
2017-05-30 10:20:59
CVE-2017-8923
2017-05-17 15:10:25
CVE-2017-9118
2019-10-20 12:03:51
mageia
mageia
Updated php packages fix security vulnerability
2021-12-24 00:01:45
Updated php packages fix security vulnerability
2021-11-20 22:31:06
cbl_mariner
cbl_mariner
CVE-2017-8923 affecting package php 7.4.14-3
2024-07-26 21:09:36
CVE-2017-9120 affecting package php 7.4.14-3
2024-07-26 21:09:36
CVE-2017-9118 affecting package php 7.4.14-3
2024-07-26 21:09:36
fedora
fedora
[SECURITY] Fedora 35 Update: php-8.0.13-1.fc35
2021-11-26 01:22:42
[SECURITY] Fedora 34 Update: php-7.4.26-1.fc34
2021-11-25 00:59:03
[SECURITY] Fedora 33 Update: php-7.4.26-1.fc33
2021-11-25 01:05:22
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.3.33-alt1
2021-11-29 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.13-alt1
2021-12-01 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.0.13-alt1
2021-11-20 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP XML Parser Remote Code Execution (CVE-2021-21707)
2022-02-20 00:00:00
ibm
ibm
Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities
2021-08-12 17:41:58
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2018-14851 CVE-2017-9118)
2019-04-15 15:25:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118)
2023-12-07 22:45:03
debian
debian
[SECURITY] [DSA 5082-1] php7.4 security update
2022-02-18 19:09:20
[SECURITY] [DLA 3243-1] php7.3 security update
2022-12-15 18:33:17
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2022-11-15 00:00:00
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
redhat
redhat
(RHSA-2022:7628) Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
(RHSA-2022:5491) Important: rh-php73-php security and bug fix update
2022-07-04 07:07:16
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

Low

EPSS

0.009

Percentile

83.1%

JSON
Related for USN-5300-3
openvas48ubuntu5osv12nessus49suse10cvelist6nvd6veracode5ubuntucve6prion6debiancve6f51alpinelinux2cve6attackerkb1redhatcve5mageia2cbl_mariner4fedora3altlinux4checkpoint_advisories1ibm4debian2oraclelinux1rocky1redhat2almalinux1