CVSS: 2.6EPSS: 0%CPEs: 5EXPL: 1CVE-2014-4721 – php: type confusion issue in phpinfo() leading to information leak
https://notcve.org/view.php?id=CVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. La implementación phpinfo en ext/standard/info.c en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14 no asegura el uso del tipo de datos de cadenas para las variables PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER y PHP_SELF, lo que podría permitir a atacantes dependientes de contexto obtener información sensible de la memoria de proceso mediante el uso de el tipo de datos de enteros con valores manipulados, relacionado con una vulnerabilidad de 'confusión de tipo', tal y como fue demostrado mediante la lectura de una clave SSL privada en un entorno de alojamiento web de Apache HTTP Server con mod_ssl y un 5.3.x mod_php de PHP. A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory. • http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/54553 http://secunia.com/advisories/59794 http://secunia.com/advisories/59831 http://twitter.com/mikispag/statuses/485713462258302976 http://www-01.ibm.com/support/docview.wss?uid=swg21683486 http://www.debian.org/security/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.0EPSS: 1%CPEs: 23EXPL: 4CVE-2014-3538 – file: unrestricted regular expression matching
https://notcve.org/view.php?id=CVE-2014-3538
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. file anterior a 5.19 no restringe debidamente la cantidad de datos leídos durante una búsqueda regex, lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de un fichero manipulado que provoca un retroceso durante el procesamiento de una norma awk. NOTA: esta vulnerabilidad existe debido a una soluciona incompleta para CVE-2013-7345. Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://mx.gw.com/pipermail/file/2014/001553.html http://openwall.com/lists/oss-security/2014/06/30/7 http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://rhn.redhat.com/errata/RHSA-2016-0760.html http://secunia.com/advisories/60696 http://www.debian.org/security/2014/dsa-3008 http:/ • CWE-399: Resource Management Errors •
CVSS: 5.1EPSS: 94%CPEs: 14EXPL: 0CVE-2014-4049 – php: heap-based buffer overflow in DNS TXT record parsing
https://notcve.org/view.php?id=CVE-2014-4049
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. Desbordamiento de buffer basado en memoria dinámica en la función php_parserr en ext/standard/dns.c en PHP 5.6.0beta4 y anteriores permite a servidores remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un registro DNS TXT manipulado, relacionado con la función dns_get_record. A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3981
https://notcve.org/view.php?id=CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. acinclude.m4, utilizado en la secuencia de comandos de configuración en PHP 5.5.13 y anteriores, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre el archivo /tmp/phpglibccheck. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91bcadd85e20e50d3f8c2e9721327681640e6f16 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://openwall.com/lists/oss-security/2014/06/06/12 http://seclists.org/fulldisclosure/2014/Jun/21 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21683486 http://www.oracl • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 0CVE-2014-0237 – file: cdf_unpack_summary_info() excessive looping DoS
https://notcve.org/view.php?id=CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. La función cdf_unpack_summary_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) mediante la provocación de muchas llamadas file_printf. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •