Page 46 of 233 results (0.012 seconds)

CVSS: 7.5EPSS: 95%CPEs: 81EXPL: 2

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. La función asn1_time_to_time_t en ext / openssl / openssl.c en PHP anterior a 5.3.28, 5.4.x aterior a 5.4.23 y 5.5.x anterior de 5.5.7 no trata correctamente las marcas de tiempo (timestamps) (1) notBefore y (2) notAfter en certificados X 0.509 , lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un certificado manipulado que no está tratado adecuadamente por la función openssl_x509_parse. The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution. • https://www.exploit-db.com/exploits/30395 http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415 http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2013-1813.html http://rhn.redhat.com/errata/RHSA-2013-1815.html http://rhn.redhat.com/errata/RHSA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 59%CPEs: 15EXPL: 0

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) a través de una especificación de intervalo manipulada. A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://www.debian.org/security/2013/dsa-2816 http://www.ubuntu.com/usn/USN-2055-1 https://bugs.php.net/bug.php?id=66060 https://h20564&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 4.3EPSS: 2%CPEs: 95EXPL: 0

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. La función openssl_x509_parse en openssl.c en el módulo OpenSSL en PHP anterior a v5.4.18 y v5.5.x anterior v5.5.2 no manejar adecuadamente un carácter “\0” en un nombre de dominio en el campo Subject Alternative Name de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL de su elección mediante un certificado manipulado expedido por una Autoridad Certificadora legítima, un problema relacionado con CVE-2009-2408. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2874696a5a8d46639d261571f915c493cd875897 http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://rhn.redhat.com/errata/RHSA-2013-1307.html http://rhn.redhat.com/errata/RHSA-2013-1615.html http://secunia.com/advisories/54478 http://secunia.com/advisories/54657 http://secunia.com/advisories/55078 http:&#x • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 100EXPL: 0

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. Vulnerabilidad de fijación de sesión en el subsistema Sessions en PHP anterior a v5.5.2 permite a atacantes remotos secuestrar sesiones web especificando un ID de sesión. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde https://bugs.php.net/bug.php?id=60491 https://wiki.php.net/rfc/strict_sessions • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 61%CPEs: 2EXPL: 0

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. ext/xml/xml.c en PHP anteriores a v5.3.27 no consideran adecuado un análisis sintáctico profundo, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica)o posiblemente tener otro impacto no especificado a través de documentos manipulados que sea procesado por la función xml_parse_into_struct. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=7d163e8a0880ae8af2dd869071393e5dc07ef271 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html http://php.net/ChangeLog-5.php http://php.net/archive/2013.php#id2013-07-11-1 http://rhn.redhat.com/errata/RHSA-2013-1049.html http://rhn.redhat.com/errata/RHSA-2013-1050.h • CWE-787: Out-of-bounds Write •