Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2013:1315-1)
Summary:The remote host is missing an update for the 'PHP5' package(s) announced via the SUSE-SU-2013:1315-1 advisory.
The remote host is missing an update for the 'PHP5' package(s) announced via the SUSE-SU-2013:1315-1 advisory.

Vulnerability Insight:
The following security issues have been fixed in PHP5:


CVE-2013-4635: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP allowed context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.


CVE-2013-1635: ext/soap/soap.c in PHP did not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allowed remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.


CVE-2013-1643: The SOAP parser in PHP allowed remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.


CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.


CVE-2011-1398 / CVE-2012-4388: The sapi_header_op function in main/SAPI.c in PHP did not check for %0D sequences (aka carriage return characters), which allowed remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

A hardening measure has been implemented without CVE:

* use FilesMatch with 'SetHandler' rather than
'AddHandler' [bnc#775852]
* fixed php bug #43200 (Interface implementation /
inheritence not possible in abstract classes) [bnc#783239]

Security Issue reference:

* CVE-2013-4113

Affected Software/OS:
'PHP5' package(s) on SUSE Linux Enterprise Server 11 SP1

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1398
RedHat Security Advisories: RHSA-2013:1307
SuSE Security Announcement: SUSE-SU-2013:1315 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2012-4388
Common Vulnerability Exposure (CVE) ID: CVE-2013-1635
Debian Security Information: DSA-2639 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:1285 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-1643
RedHat Security Advisories: RHSA-2013:1615
Common Vulnerability Exposure (CVE) ID: CVE-2013-4113
Debian Security Information: DSA-2723 (Google Search)
RedHat Security Advisories: RHSA-2013:1049
RedHat Security Advisories: RHSA-2013:1050
RedHat Security Advisories: RHSA-2013:1061
RedHat Security Advisories: RHSA-2013:1062
RedHat Security Advisories: RHSA-2013:1063
SuSE Security Announcement: SUSE-SU-2013:1316 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2013-4635
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.