Web application abuses : PHP 5.2.x < 5.2.15, 5.3.x

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801547

Categoría: Web application abuses

Título: PHP 5.2.x < 5.2.15, 5.3.x < 5.3.4 Multiple Vulnerabilities

Resumen: PHP is prone to multiple vulnerabilities.

Descripción: Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2010-3709: NULL pointer dereference vulnerability in 'ZipArchive::getArchiveComment'

- CVE-2010-3710: Stack consumption vulnerability in the filter_var function when
FILTER_VALIDATE_EMAIL mode is used while processing the long e-mail address string.

Vulnerability Impact:
Successful exploitation could allow remote attackers to cause a
denial of service (memory consumption and application crash) via a long e-mail address string.

Affected Software/OS:
PHP version 5.2.x through 5.2.14 and 5.3.x through 5.3.3.

Solution:
Update to version 5.2.15, 5.3.4 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3709
1024690
http://www.securitytracker.com/id?1024690
15431
http://www.exploit-db.com/exploits/15431
20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
http://securityreason.com/achievement_securityalert/90
42729
http://secunia.com/advisories/42729
42812
http://secunia.com/advisories/42812
44718
http://www.securityfocus.com/bid/44718
ADV-2010-3313
http://www.vupen.com/english/advisories/2010/3313
ADV-2011-0020
http://www.vupen.com/english/advisories/2011/0020
ADV-2011-0021
http://www.vupen.com/english/advisories/2011/0021
ADV-2011-0077
http://www.vupen.com/english/advisories/2011/0077
APPLE-SA-2011-03-21-1
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
FEDORA-2010-18976
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
FEDORA-2010-19011
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
HPSBMA02662
http://marc.info/?l=bugtraq&m=130331363227777&w=2
HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
MDVSA-2010:218
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
RHSA-2011:0195
http://www.redhat.com/support/errata/RHSA-2011-0195.html
SSA:2010-357-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619
SSRT100409
SSRT100826
USN-1042-1
http://www.ubuntu.com/usn/USN-1042-1
http://support.apple.com/kb/HT4581
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2010.php#id2010-12-10-1
http://www.php.net/releases/5_2_15.php
http://www.php.net/releases/5_3_4.php
Common Vulnerability Exposure (CVE) ID: CVE-2010-3710
43189
http://secunia.com/advisories/43189
43926
http://www.securityfocus.com/bid/43926
RHSA-2011:0196
http://www.redhat.com/support/errata/RHSA-2011-0196.html
SUSE-SR:2010:023
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://bugs.php.net/bug.php?id=52929

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801547
Categoría:	Web application abuses
Título:	PHP 5.2.x < 5.2.15, 5.3.x < 5.3.4 Multiple Vulnerabilities
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2010-3709: NULL pointer dereference vulnerability in 'ZipArchive::getArchiveComment' - CVE-2010-3710: Stack consumption vulnerability in the filter_var function when FILTER_VALIDATE_EMAIL mode is used while processing the long e-mail address string. Vulnerability Impact: Successful exploitation could allow remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. Affected Software/OS: PHP version 5.2.x through 5.2.14 and 5.3.x through 5.3.3. Solution: Update to version 5.2.15, 5.3.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3709 1024690 http://www.securitytracker.com/id?1024690 15431 http://www.exploit-db.com/exploits/15431 20101105 PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference http://securityreason.com/achievement_securityalert/90 42729 http://secunia.com/advisories/42729 42812 http://secunia.com/advisories/42812 44718 http://www.securityfocus.com/bid/44718 ADV-2010-3313 http://www.vupen.com/english/advisories/2010/3313 ADV-2011-0020 http://www.vupen.com/english/advisories/2011/0020 ADV-2011-0021 http://www.vupen.com/english/advisories/2011/0021 ADV-2011-0077 http://www.vupen.com/english/advisories/2011/0077 APPLE-SA-2011-03-21-1 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html FEDORA-2010-18976 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html FEDORA-2010-19011 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 MDVSA-2010:218 http://www.mandriva.com/security/advisories?name=MDVSA-2010:218 RHSA-2011:0195 http://www.redhat.com/support/errata/RHSA-2011-0195.html SSA:2010-357-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 SSRT100409 SSRT100826 USN-1042-1 http://www.ubuntu.com/usn/USN-1042-1 http://support.apple.com/kb/HT4581 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.php.net/releases/5_2_15.php http://www.php.net/releases/5_3_4.php Common Vulnerability Exposure (CVE) ID: CVE-2010-3710 43189 http://secunia.com/advisories/43189 43926 http://www.securityfocus.com/bid/43926 RHSA-2011:0196 http://www.redhat.com/support/errata/RHSA-2011-0196.html SUSE-SR:2010:023 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://bugs.php.net/bug.php?id=52929
Copyright	Copyright (C) 2010 Greenbone AG