Lucene search

Veracode Vulnerability DatabaseVERACODE:23116

HistoryApr 10, 2020 - 12:16 a.m.

Arbitrary Code Execution

2020-04-1000:16:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.016 Low

EPSS

Percentile

87.5%

JSON

php is vulnerable to arbitrary code execution. A number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the ‘apache’ user.

CPENameOperatorVersion
phpeq5.1.4__1.el4s1.5
phpeq5.1.4__1.el4s1.4
phpeq5.1.4__1.el4s1.2
phpeq5.1.6__5.el5
phpeq5.1.4__1.el4s1.5
phpeq5.1.4__1.el4s1.4
phpeq5.1.4__1.el4s1.2
phpeq5.1.6__5.el5

Name	Operator	Version
php	eq	5.1.4__1.el4s1.5
php	eq	5.1.4__1.el4s1.4
php	eq	5.1.4__1.el4s1.2
php	eq	5.1.6__5.el5
php	eq	5.1.4__1.el4s1.5
php	eq	5.1.4__1.el4s1.4
php	eq	5.1.4__1.el4s1.2
php	eq	5.1.6__5.el5

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html

lists.suse.com/archive/suse-security-announce/2007-Mar/0003.html

osvdb.org/34706

osvdb.org/34707

osvdb.org/34708

osvdb.org/34709

osvdb.org/34710

osvdb.org/34711

osvdb.org/34712

osvdb.org/34713

osvdb.org/34714

osvdb.org/34715

rhn.redhat.com/errata/RHSA-2007-0089.html

secunia.com/advisories/24089

secunia.com/advisories/24195

secunia.com/advisories/24217

secunia.com/advisories/24236

secunia.com/advisories/24248

secunia.com/advisories/24284

secunia.com/advisories/24295

secunia.com/advisories/24322

secunia.com/advisories/24419

secunia.com/advisories/24421

secunia.com/advisories/24432

secunia.com/advisories/24514

secunia.com/advisories/24606

secunia.com/advisories/24642

secunia.com/advisories/24945

secunia.com/advisories/26048

security.gentoo.org/glsa/glsa-200703-21.xml

support.avaya.com/elmodocs2/security/ASA-2007-101.htm

support.avaya.com/elmodocs2/security/ASA-2007-136.htm

www.mandriva.com/security/advisories?name=MDKSA-2007:048

www.openpkg.com/security/advisories/OpenPKG-SA-2007.010.html

www.osvdb.org/32776

www.php.net/ChangeLog-5.php#5.2.1

www.php.net/releases/5_2_1.php

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2007-0076.html

www.redhat.com/support/errata/RHSA-2007-0081.html

www.redhat.com/support/errata/RHSA-2007-0082.html

www.redhat.com/support/errata/RHSA-2007-0088.html

www.securityfocus.com/archive/1/461462/100/0/threaded

www.securityfocus.com/archive/1/466166/100/0/threaded

www.securityfocus.com/bid/22496

www.securitytracker.com/id?1017671

www.trustix.org/errata/2007/0009/

www.ubuntu.com/usn/usn-424-1

www.ubuntu.com/usn/usn-424-2

www.us.debian.org/security/2007/dsa-1264

www.vupen.com/english/advisories/2007/0546

access.redhat.com/errata/RHSA-2007:0082

issues.rpath.com/browse/RPL-1088

issues.rpath.com/browse/RPL-1268

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8992

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for VERACODE:23116