Test ID: | 1.3.6.1.4.1.25623.1.0.71377 |
Category: | FreeBSD Local Security Checks |
Title: | FreeBSD Ports: php5 |
Summary: | The remote host is missing an update to the system, as announced in the referenced advisory. |
Description: |
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.

Vulnerability Insight: The following packages are affected: php5, php53, php52.

CVE-2012-1823: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

CVE-2012-2311: sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

CVE-2012-2329: Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.

Solution: Update your system with the appropriate patches or software upgrades.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1823
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
CERT/CC vulnerability note: VU#520827 http://www.kb.cert.org/vuls/id/520827
CERT/CC vulnerability note: VU#673343 http://www.kb.cert.org/vuls/id/673343
Debian Security Information: DSA-2465 http://www.debian.org/security/2012/dsa-2465
HP Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HP Security Advisory: HPSBUX02791 http://marc.info/?l=bugtraq&m=134012830914727&w=2
HP Security Advisory: SSRT100856
HP Security Advisory: SSRT100877
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
RedHat Security Advisories: RHSA-2012:0546 http://rhn.redhat.com/errata/RHSA-2012-0546.html
RedHat Security Advisories: RHSA-2012:0547 http://rhn.redhat.com/errata/RHSA-2012-0547.html
RedHat Security Advisories: RHSA-2012:0568 http://rhn.redhat.com/errata/RHSA-2012-0568.html
RedHat Security Advisories: RHSA-2012:0569 http://rhn.redhat.com/errata/RHSA-2012-0569.html
RedHat Security Advisories: RHSA-2012:0570 http://rhn.redhat.com/errata/RHSA-2012-0570.html
http://www.securitytracker.com/id?1027022
http://secunia.com/advisories/49014
http://secunia.com/advisories/49065
http://secunia.com/advisories/49085
http://secunia.com/advisories/49087
SuSE Security Announcement: SUSE-SU-2012:0598 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:0604 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
SuSE Security Announcement: openSUSE-SU-2012:0590 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html

Common Vulnerability Exposure (CVE) ID: CVE-2012-2311
HP Security Advisory: HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HP Security Advisory: SSRT100992

Common Vulnerability Exposure (CVE) ID: CVE-2012-2329
BugTraq ID: 53455 http://www.securityfocus.com/bid/53455
XForce ISS Database: php-apacherequestheaders-bo(75545) https://exchange.xforce.ibmcloud.com/vulnerabilities/75545 |
Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about our complete security audits. To run a free test for this vulnerability on your system, please register below. |