Spoofing Attack

2020-04-1000:42:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

php is vulnerable to spoofing attacks. It was discovered that PHP was affected by the previously published “null prefix attack”, caused by incorrect handling of NUL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse PHP into accepting it by mistake.

CPENameOperatorVersion
phpeq5.1.6__7.el5
phpeq5.1.6__11.el5
phpeq5.1.6__20.el5_2.1
phpeq5.1.6__12.el5
phpeq5.1.6__20.el5
phpeq5.1.6__23.2.el5_3
phpeq5.1.6__15.el5
phpeq5.1.6__23.el5
phpeq5.1.6__5.el5
phpeq5.1.6__7.el5

Name	Operator	Version
php	eq	5.1.6__7.el5
php	eq	5.1.6__11.el5
php	eq	5.1.6__20.el5_2.1
php	eq	5.1.6__12.el5
php	eq	5.1.6__20.el5
php	eq	5.1.6__23.2.el5_3
php	eq	5.1.6__15.el5
php	eq	5.1.6__23.el5
php	eq	5.1.6__5.el5
php	eq	5.1.6__7.el5