Lucene search
Tenable9097.PRMHistoryFeb 25, 2016 - 12:00 a.m.
PHP 5.3.x < 5.3.14 / 5.4.x < 5.4.4 Multiple Vulnerabilities
2016-02-2500:00:00
Tenable
www.tenable.com
16
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.095
Percentile
94.8%
Versions of PHP 5.3.x prior to 5.3.14, or 5.4.x prior to 5.4.4 are affected by the following vulnerabilities :
- An integer overflow error exists in the function âphar_parse_tarfileâ in the file âext/phar/tar.câ. This error can lead to a heap-based buffer overflow when handling a maliciously crafted TAR file. Arbitrary code execution is possible due to this error. (CVE-2012-2386)
- A weakness exists in the âcryptâ function related to the DES implementation that can allow brute-force attacks. (CVE-2012-2143)
- Several design errors exist involving the incorrect parsing of PHP PDO prepared statements could lead to disclosure of sensitive information or denial of service. (CVE-2012-3450)
- A variable initialization error exists in the file âext/openssl/openssl.câ that can allow process memory contents to be disclosed when input data is of length zero. (CVE-2012-6113)
Binary data 9097.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6113
www.nessus.org/u?6adf7abc
www.nessus.org/u?99140286
www.nessus.org/u?a42ad63a
www.php.net/ChangeLog-5.php#5.3.14
bugs.php.net/bug.php?id=61755
Related
nessus
nessus
PHP 5.3.x < 5.3.14 Multiple Vulnerabilities
2012-06-15 00:00:00
PHP 5.4.x < 5.4.4 Multiple Vulnerabilities
2012-06-15 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2012:093)
2012-06-15 00:00:00
amazon
amazon
Medium: php
2012-07-05 16:09:00
Medium: postgresql9
2012-06-19 16:02:00
Medium: postgresql8
2012-07-05 16:08:00
openvas
openvas
Fedora Update for maniadrive FEDORA-2012-9762
2012-07-03 00:00:00
Fedora Update for maniadrive FEDORA-2012-9490
2012-08-30 00:00:00
Fedora Update for maniadrive FEDORA-2012-9762
2012-07-03 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: maniadrive-1.2-41.fc17
2012-06-30 22:07:21
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.6
2012-07-02 22:31:44
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.6
2012-07-02 22:31:44
suse
suse
Security update for PHP5 (important)
2012-07-05 03:08:30
Security update for PHP5 (important)
2012-08-24 09:08:27
cve
cve
seebug
seebug
PHP 'openssl_encrypt()'ĺ˝ć°äżĄćŻćłé˛ćźć´
2013-01-22 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2492-1] php5 security update
2012-06-13 00:00:00
PHP information leakage
2013-01-27 00:00:00
FreeBSD Security Advisory FreeBSD-SA-12:02.crypt
2012-05-31 00:00:00
exploitdb
exploitdb
PHP 'phar' Extension 1.1.1 - Heap Overflow
2011-04-22 00:00:00
PHP 5.4.3 - PDO Memory Access Violation Denial of Service
2012-08-02 00:00:00
ubuntucve
ubuntucve
nvd
nvd
ubuntu
ubuntu
PHP vulnerability
2013-01-22 00:00:00
PHP vulnerabilities
2012-06-19 00:00:00
PostgreSQL vulnerabilities
2012-06-05 00:00:00
prion
prion
Input validation
2013-01-19 21:55:00
Default credentials
2012-07-05 14:55:00
Integer overflow
2012-07-07 10:21:00
cvelist
cvelist
f5
f5
SOL15478 - PHP vulnerability CVE-2012-2386
2014-08-06 00:00:00
K15478 : PHP vulnerability CVE-2012-2386
2014-08-07 00:00:00
debian
debian
[SECURITY] [DSA 2492-1] php5 security update
2012-06-10 16:30:45
[SECURITY] [DSA 2491-1] postgresql-8.4 security update
2012-06-09 11:57:54
[SECURITY] [DSA 2527-1] php5 security update
2012-08-13 18:16:56
freebsd
freebsd
databases/postgresql*-server -- crypt vulnerabilities
2012-05-30 00:00:00
FreeBSD -- Incorrect crypt() hashing
2012-05-30 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:02.crypt
2012-05-30 00:00:00
veracode
veracode
Authentication Bypass
2019-01-15 08:53:32
Denial Of Service (DoS)
2019-05-02 04:42:10
Denial Of Service (DoS) And Remote Code Execution (RCE)
2019-05-02 04:42:14
postgresql
postgresql
Vulnerability in contrib module (CVE-2012-2143)
2012-07-05 14:55:02
checkpoint_security
checkpoint_security
centos
centos
postgresql security update
2012-06-25 22:25:31
postgresql, postgresql84 security update
2012-06-25 22:38:39
php53 security update
2012-06-27 20:24:26
oraclelinux
oraclelinux
postgresql security update
2012-06-25 00:00:00
php53 security update
2012-06-27 00:00:00
redhat
redhat
(RHSA-2012:1036) Moderate: postgresql security update
2012-06-25 00:00:00
(RHSA-2012:1037) Moderate: postgresql and postgresql84 security update
2012-06-25 00:00:00
(RHSA-2012:1047) Moderate: php53 security update
2012-06-27 00:00:00
osv
osv
postgresql-8.4 - several
2012-06-09 00:00:00
php5 - several
2012-08-13 00:00:00
hackerone
hackerone
Yahoo!: Out of date version
2014-03-30 08:47:50
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.095
Percentile
94.8%
Related for 9097.PRM