Web application abuses : PHP < 5.2.12 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100409

Categoría: Web application abuses

Título: PHP < 5.2.12 Multiple Vulnerabilities

Resumen: PHP is prone to multiple vulnerabilities.

Descripción: Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Impact:
Attackers can exploit the code execution vulnerability to
execute arbitrary code within the context of the PHP process. This may allow them to bypass
intended security restrictions or gain elevated privileges.

An attacker may leverage the cross-site scripting vulnerability to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site. This may let the
attacker steal cookie-based authentication credentials and launch other attacks.

Affected Software/OS:
PHP versions prior to 5.2.12.

Solution:
Update to version 5.2.12 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4142
1023372
http://securitytracker.com/id?1023372
37389
http://www.securityfocus.com/bid/37389
37821
http://secunia.com/advisories/37821
38648
http://secunia.com/advisories/38648
40262
http://secunia.com/advisories/40262
ADV-2009-3593
http://www.vupen.com/english/advisories/2009/3593
APPLE-SA-2010-03-29-1
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
DSA-2001
http://www.debian.org/security/2010/dsa-2001
HPSBUX02543
http://marc.info/?l=bugtraq&m=127680701405735&w=2
SSRT100152
http://bugs.php.net/bug.php?id=49785
http://support.apple.com/kb/HT4077
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
oval:org.mitre.oval:def:10005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10005
oval:org.mitre.oval:def:7085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7085
Common Vulnerability Exposure (CVE) ID: CVE-2009-4143
37390
http://www.securityfocus.com/bid/37390
41480
http://secunia.com/advisories/41480
41490
http://secunia.com/advisories/41490
HPSBMA02568
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
MDVSA-2010:045
http://www.mandriva.com/security/advisories?name=MDVSA-2010:045
SSRT100219
oval:org.mitre.oval:def:7439
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100409
Categoría:	Web application abuses
Título:	PHP < 5.2.12 Multiple Vulnerabilities
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Impact: Attackers can exploit the code execution vulnerability to execute arbitrary code within the context of the PHP process. This may allow them to bypass intended security restrictions or gain elevated privileges. An attacker may leverage the cross-site scripting vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Affected Software/OS: PHP versions prior to 5.2.12. Solution: Update to version 5.2.12 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4142 1023372 http://securitytracker.com/id?1023372 37389 http://www.securityfocus.com/bid/37389 37821 http://secunia.com/advisories/37821 38648 http://secunia.com/advisories/38648 40262 http://secunia.com/advisories/40262 ADV-2009-3593 http://www.vupen.com/english/advisories/2009/3593 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-2001 http://www.debian.org/security/2010/dsa-2001 HPSBUX02543 http://marc.info/?l=bugtraq&m=127680701405735&w=2 SSRT100152 http://bugs.php.net/bug.php?id=49785 http://support.apple.com/kb/HT4077 http://www.php.net/ChangeLog-5.php http://www.php.net/releases/5_2_12.php oval:org.mitre.oval:def:10005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10005 oval:org.mitre.oval:def:7085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7085 Common Vulnerability Exposure (CVE) ID: CVE-2009-4143 37390 http://www.securityfocus.com/bid/37390 41480 http://secunia.com/advisories/41480 41490 http://secunia.com/advisories/41490 HPSBMA02568 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 MDVSA-2010:045 http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 SSRT100219 oval:org.mitre.oval:def:7439 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439
Copyright	Copyright (C) 2009 Greenbone AG