Web application abuses : PHP < 5.3.1 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100359

Categoría: Web application abuses

Título: PHP < 5.3.1 Multiple Vulnerabilities

Resumen: PHP is prone to multiple security vulnerabilities.

Descripción: Summary:
PHP is prone to multiple security vulnerabilities.

Vulnerability Impact:
Some of these issues may be exploited to bypass security
restrictions and create arbitrary files or cause denial-of-service conditions. The impact of the
other issues has not been specified.

Affected Software/OS:
PHP versions prior to 5.3.1.

Solution:
Updates are available. Please see the references for more
information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3559
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_3_1.php
http://www.mandriva.com/security/advisories?name=MDVSA-2009:302
http://bugs.php.net/bug.php?id=50063
http://www.openwall.com/lists/oss-security/2009/11/20/2
http://www.openwall.com/lists/oss-security/2009/11/20/3
http://www.openwall.com/lists/oss-security/2009/11/20/5
http://news.php.net/php.announce/79
Common Vulnerability Exposure (CVE) ID: CVE-2009-4017
20091120 PHP "multipart/form-data" denial of service
http://seclists.org/fulldisclosure/2009/Nov/228
http://www.securityfocus.com/archive/1/507982/100/0/threaded
37482
http://secunia.com/advisories/37482
37821
http://secunia.com/advisories/37821
40262
http://secunia.com/advisories/40262
41480
http://secunia.com/advisories/41480
41490
http://secunia.com/advisories/41490
ADV-2009-3593
http://www.vupen.com/english/advisories/2009/3593
APPLE-SA-2010-03-29-1
DSA-1940
http://www.debian.org/security/2009/dsa-1940
HPSBMA02568
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HPSBUX02543
http://marc.info/?l=bugtraq&m=127680701405735&w=2
MDVSA-2009:303
http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
MDVSA-2009:305
http://www.mandriva.com/security/advisories?name=MDVSA-2009:305
SSRT100152
SSRT100219
[oss-security] 20091120 CVE request: php 5.3.1 update
[oss-security] 20091120 Re: CVE request: php 5.3.1 update
http://www.openwall.com/lists/oss-security/2009/11/20/7
[php-announce] 20091119 5.3.1 Release announcement
http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/
http://www.php.net/releases/5_2_12.php
oval:org.mitre.oval:def:10483
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483
oval:org.mitre.oval:def:6667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667
php-multipart-formdata-dos(54455)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54455

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100359
Categoría:	Web application abuses
Título:	PHP < 5.3.1 Multiple Vulnerabilities
Resumen:	PHP is prone to multiple security vulnerabilities.
Descripción:	Summary: PHP is prone to multiple security vulnerabilities. Vulnerability Impact: Some of these issues may be exploited to bypass security restrictions and create arbitrary files or cause denial-of-service conditions. The impact of the other issues has not been specified. Affected Software/OS: PHP versions prior to 5.3.1. Solution: Updates are available. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3559 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_3_1.php http://www.mandriva.com/security/advisories?name=MDVSA-2009:302 http://bugs.php.net/bug.php?id=50063 http://www.openwall.com/lists/oss-security/2009/11/20/2 http://www.openwall.com/lists/oss-security/2009/11/20/3 http://www.openwall.com/lists/oss-security/2009/11/20/5 http://news.php.net/php.announce/79 Common Vulnerability Exposure (CVE) ID: CVE-2009-4017 20091120 PHP "multipart/form-data" denial of service http://seclists.org/fulldisclosure/2009/Nov/228 http://www.securityfocus.com/archive/1/507982/100/0/threaded 37482 http://secunia.com/advisories/37482 37821 http://secunia.com/advisories/37821 40262 http://secunia.com/advisories/40262 41480 http://secunia.com/advisories/41480 41490 http://secunia.com/advisories/41490 ADV-2009-3593 http://www.vupen.com/english/advisories/2009/3593 APPLE-SA-2010-03-29-1 DSA-1940 http://www.debian.org/security/2009/dsa-1940 HPSBMA02568 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2 MDVSA-2009:303 http://www.mandriva.com/security/advisories?name=MDVSA-2009:303 MDVSA-2009:305 http://www.mandriva.com/security/advisories?name=MDVSA-2009:305 SSRT100152 SSRT100219 [oss-security] 20091120 CVE request: php 5.3.1 update [oss-security] 20091120 Re: CVE request: php 5.3.1 update http://www.openwall.com/lists/oss-security/2009/11/20/7 [php-announce] 20091119 5.3.1 Release announcement http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/ http://www.php.net/releases/5_2_12.php oval:org.mitre.oval:def:10483 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483 oval:org.mitre.oval:def:6667 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667 php-multipart-formdata-dos(54455) https://exchange.xforce.ibmcloud.com/vulnerabilities/54455
Copyright	Copyright (C) 2009 Greenbone AG