Lucene search
This script is Copyright (C) 2008-2024 Tenable Network Security, Inc.PHP_4_4_8.NASLHistoryJan 03, 2008 - 12:00 a.m.
PHP < 4.4.8 Multiple Vulnerabilities
2008-01-0300:00:00
This script is Copyright (C) 2008-2024 Tenable Network Security, Inc.
www.tenable.com
97
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.388
Percentile
97.3%
According to its banner, the version of PHP installed on the remote host is older than 4.4.8. Such versions may be affected by several issues, including integer overflows involving the ‘chunk_split’, ‘strcspn’, and ‘strspn’ functions, and ‘safe_mode’ / ‘open_basedir’ bypasses.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(29833);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/31");
script_cve_id(
"CVE-2007-3378",
"CVE-2007-3799",
"CVE-2007-3997",
"CVE-2007-4657",
"CVE-2007-4658",
"CVE-2008-0145",
"CVE-2008-2108"
);
script_bugtraq_id(24661, 49631);
script_name(english:"PHP < 4.4.8 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple issues.");
script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP installed on the remote
host is older than 4.4.8. Such versions may be affected by several
issues, including integer overflows involving the 'chunk_split',
'strcspn', and 'strspn' functions, and 'safe_mode' / 'open_basedir'
bypasses.");
script_set_attribute(attribute:"see_also", value:"http://www.php.net/releases/4_4_8.php");
script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 4.4.8 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 119, 189, 264);
script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/30");
script_set_attribute(attribute:"patch_publication_date", value:"2008/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/03");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2008-2024 Tenable Network Security, Inc.");
script_dependencies("php_version.nasl");
script_require_keys("www/PHP");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("webapp_func.inc");
port = get_http_port(default:80, php:TRUE);
php = get_php_from_kb(
port : port,
exit_on_fail : TRUE
);
version = php["ver"];
source = php["src"];
backported = get_kb_item('www/php/'+port+'/'+version+'/backported');
if (report_paranoia < 2 && backported)
audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");
if (version =~ "^3\.|4\.[0-3]\." ||
version =~ "^4\.4\.[0-7]($|[^0-9])"
)
{
if (report_verbosity > 0)
{
report =
'\n Version source : '+source +
'\n Installed version : '+version+
'\n Fixed version : 4.4.8\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
www.php.net/releases/4_4_8.php
Related
openvas
openvas
PHP < 4.4.8 Multiple Vulnerabilities
2020-08-17 00:00:00
PHP < 4.4.8 Multiple Vulnerabilities
2012-06-21 00:00:00
Slackware: Security Advisory (SSA:2008-045-03)
2012-09-10 00:00:00
nessus
nessus
Slackware 10.2 / 11.0 : php (SSA:2008-045-03)
2008-02-18 00:00:00
Debian DSA-1578-1 : php4 - several vulnerabilities
2008-05-19 00:00:00
Debian DSA-1444-2 : php5 - several vulnerabilities
2008-01-04 00:00:00
oraclelinux
oraclelinux
Moderate: php security update
2007-09-20 00:00:00
Moderate: php security update
2007-09-26 00:00:00
php security update
2008-07-16 00:00:00
nvd
nvd
securityvulns
securityvulns
[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability
2007-06-27 00:00:00
PHP 5.2.4 mail.force_extra_parameters unsecure
2007-11-26 00:00:00
PHP safe mode protection bypass with htaccess
2007-11-26 00:00:00
cve
cve
cvelist
cvelist
osv
osv
php4 - several vulnerabilities
2008-05-17 00:00:00
php5 several issues
2008-01-23 00:00:00
php5 - several vulnerabilities
2009-05-04 00:00:00
prion
prion
Design/Logic Flaw
2007-09-04 18:17:00
Design/Logic Flaw
2007-06-29 18:30:00
Format string
2007-09-04 22:17:00
ubuntucve
ubuntucve
seebug
seebug
PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
2014-07-01 00:00:00
PHP MySQL/MySQLi扩展绕过安全限制漏洞
2007-09-05 00:00:00
PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
2007-09-10 00:00:00
veracode
veracode
Improper Session Handling
2020-04-10 00:18:57
Privilege Escalation
2020-04-10 00:18:59
Weak Random Number Generator
2020-04-10 00:22:38
exploitpack
exploitpack
PHP 4.4.75.2.3 - MySQLMySQLi Safe_Mode Bypass
2007-09-10 00:00:00
redhatcve
redhatcve
debian
debian
[SECURITY] [DSA 1578-1] New php4 packages fix several vulnerabilities
2008-05-17 11:44:14
[SECURITY] [DSA 1444-2] New php5 packages fix regression
2008-01-23 21:29:45
[SECURITY] [DSA 1444-1] New php5 packages fix several vulnerabilities
2008-01-03 20:25:59
f5
f5
freebsd
freebsd
php -- multiple vulnerabilities
2007-08-30 00:00:00
ubuntu
ubuntu
PHP regression
2007-12-03 00:00:00
PHP vulnerabilities
2007-11-29 00:00:00
PHP vulnerabilities
2008-07-23 00:00:00
redhat
redhat
(RHSA-2007:0890) Moderate: php security update
2007-09-20 00:00:00
(RHSA-2007:0891) Moderate: php security update
2007-10-25 00:00:00
(RHSA-2007:0917) Moderate: php security update
2007-10-23 00:00:00
centos
centos
php security update
2007-09-20 14:31:37
php security update
2007-09-26 09:03:28
php security update
2007-10-24 03:08:58
fedora
fedora
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.7.fc6
2007-09-24 20:33:40
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-06-20 19:09:41
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
2008-07-26 06:03:23
gentoo
gentoo
PHP: Multiple vulnerabilities
2007-10-07 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.388
Percentile
97.3%
Related for PHP_4_4_8.NASL