The remote host is affected by the vulnerability described in GLSA-201209-03 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could execute arbitrary code with the privileges of       the process, cause a Denial of Service condition, obtain sensitive       information, create arbitrary files, conduct directory traversal attacks,       bypass protection mechanisms, or perform further attacks with unspecified       impact.
  Workaround :

    There is no known workaround at this time.

According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.2.1.0. It is, therefore, affected by the following vulnerabilities :

  - An information disclosure vulnerability, known as BEAST,     exists in the SSL 3.0 and TLS 1.0 protocols due to a     flaw in the way the initialization vector (IV) is     selected when operating in cipher-block chaining (CBC)     modes. A man-in-the-middle attacker can exploit this     to obtain plaintext HTTP header data, by using a     blockwise chosen-boundary attack (BCBA) on an HTTPS     session, in conjunction with JavaScript code that uses     the HTML5 WebSocket API, the Java URLConnection API,     or the Silverlight WebClient API. (CVE-2011-3389)

  - The utility 'apachectl' can receive a zero-length     directory name in the LD_LIBRARY_PATH via the 'envvars'     file. A local attacker with access to that utility     could exploit this to load a malicious Dynamic Shared     Object (DSO), leading to arbitrary code execution.
    (CVE-2012-0883)

  - Numerous, unspecified errors could allow remote denial     of service attacks. (CVE-2012-2110, CVE-2012-2329,     CVE-2012-2336, CVE-2013-2357, CVE-2013-2358,     CVE-2013-2359, CVE-2013-2360)

  - The fix for CVE-2012-1823 does not completely correct     the CGI query parameter vulnerability. Disclosure of     PHP source code and code execution are still possible.
    Note that this vulnerability is exploitable only when     PHP is used in CGI-based configurations.  Apache with     'mod_php' is not an exploitable configuration.
    (CVE-2012-2311, CVE-2012-2335)

  - Unspecified errors exist that could allow unauthorized     access. (CVE-2012-5217, CVE-2013-2355)

  - Unspecified errors exist that could allow disclosure of     sensitive information. (CVE-2013-2356, CVE-2013-2363)

  - An unspecified error exists that could allow cross-site     scripting attacks. (CVE-2013-2361)

  - Unspecified errors exist that could allow a local     attacker to cause denial of service conditions.
    (CVE-2013-2362, CVE-2013-2364)

  - An as-yet unspecified vulnerability exists that could     cause a denial of service condition. (CVE-2013-4821)

PHP5 was updated with incremental fixes to the previous update.

  - Additional unsafe cgi wrapper scripts are also fixed     now. (CVE-2012-2335)

  - Even more commandline option handling is filtered, which     could lead to crashes of the php interpreter.
    (CVE-2012-2336)

  - heap-based buffer overflow in php's phar extension.
    (CVE-2012-2386)

  - The crypt() implementation ignored wide characters,     leading to shorter effective password lengths. Note:
    With this update applied affected passwords will no     longer work and need to be set again. (CVE-2012-2143)

PHP5 was updated with incremental fixes to the previous update :

  - Additional unsafe cgi wrapper scripts are also fixed     now. (CVE-2012-2335)

  - Even more commandline option handling is filtered, which     could lead to crashes of the php interpreter.
    (CVE-2012-2336)

It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-0781)

It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack.
(CVE-2012-1172)

Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. (CVE-2012-2143)

It was discovered that a Debian/Ubuntu specific patch caused PHP to incorrectly handle empty salt strings. A remote attacker could possibly use this flaw to bypass authentication. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2317)

It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server, or to perform a denial of service. Configurations using mod_php5 and FastCGI were not vulnerable. (CVE-2012-2335, CVE-2012-2336)

Alexander Gavrun discovered that the PHP Phar extension incorrectly handled certain malformed TAR files. A remote attacker could use this flaw to perform a denial of service, or possibly execute arbitrary code. (CVE-2012-2386).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.13 and, as such, is potentially affected by a remote code execution and information disclosure vulnerability.

The fix for CVE-2012-1823 does not completely correct the CGI query vulnerability. Disclosure of PHP source code and code execution via query parameters are still possible.

Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations.  Apache with 'mod_php' is not an exploitable configuration.

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.3. It is, therefore, potentially affected the following vulnerabilities : 

  - The fix for CVE-2012-1823 does not completely correct     the CGI query parameter vulnerability. Disclosure of     PHP source code and code execution are still possible.
    Note that this vulnerability is exploitable only when     PHP is used in CGI-based configurations.  Apache with     'mod_php' is not an exploitable configuration.
    (CVE-2012-2311, CVE-2012-2335, CVE-2012-2336)

  - An unspecified buffer overflow exists related to the     function 'apache_request_headers'. (CVE-2012-2329)

The PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program.  This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc.

The patch for CVE-2012-1823 was incomplete, this update fixes the remaining bits (CVE-2012-2335, CVE-2012-2336)

A vulnerability has been found and corrected in php(-cgi) :

PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server (CVE-2012-1823).

The updated packages have been patched to correct this issue.

Update :

It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete (CVE-2012-2335, CVE-2012-2336). The updated packages provides the latest version (5.3.13) which provides a solution to this flaw.

Versions of PHP 5.3.x prior to 5.3.13 are affected by a code execution vulnerability. The fix for CVE-2012-1823 does not completely correct the CGI query vulnerability. Disclosure of PHP source code and code execution via query paramenters are still possible.

Note, this vulnerability is exploitable only when PHP is used by CGI-based configurations. Apache with 'mod-php' is not an exploitable configuration.

Versions of PHP 5.4.x prior to 5.4.3 are affected by the following vulnerabilities :

 - The fix for CVE-2012-1823 does not completely correct the CGI query parameter vulnerability. Disclosure of PHP source code and code execution via query paramenters are still possible. Note that his vulnerability is exploitable only when PHP is used by CGI-based configurations. Apache with 'mod-php' is not an exploitable configuration. (CVE-2012-2311, CVE-2012-2335, CVE-2012-2336)
 - An unspecified buffer overflow exists related to the function 'apache_request_headers'. (CVE-2012-2329)
 - An arbitrary code execution vulnerability which affects the function 'com_event_sink()' when processing a specially crafted COM object.

PHP versions earlier than 5.4.3 are affected by the following vulnerabilities.

  - The fix for CVE-2012-1823 does not completely correct the CGI query parameter vulnerability. Disclosure of PHP source code and code execution via query paramenters are still possible. Note that his vulnerability is exploitable only when PHP is used by CGI-based configurations. Apache with 'mod-php' is not an exploitable configuration. (CVE-2012-2311, CVE-2012-2335, CVE-2012-2336)

  - An unspecified buffer overflow exists related to the function 'apache_request_headers'. (CVE-2012-2329)

PHP versions earlier than 5.3.13 are affected by a code execution vulnerability.

 The fix for CVE-2012-1823 does not completely correct the CGI query vulnerability. Disclosure of PHP source code and code execution via query paramenters are still possible.

Note that his vulnerability is exploitable only when PHP is used by CGI-based configurations. Apache with  'mod-php' is not an exploitable configuration.

ID	Name	Product	Family	Published	Updated	Severity
62236	GLSA-201209-03 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	9/24/2012	3/28/2022	critical
69020	HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)	Nessus	Web Servers	7/23/2013	12/5/2022	high
64104	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6440)	Nessus	SuSE Local Security Checks	1/25/2013	1/19/2021	high
64100	SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6316)	Nessus	SuSE Local Security Checks	1/25/2013	1/19/2021	high
59603	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1481-1)	Nessus	Ubuntu Local Security Checks	6/20/2012	9/19/2019	high
59056	PHP 5.3.x < 5.3.13 CGI Query String Code Execution	Nessus	CGI abuses	5/9/2012	11/22/2024	high
59057	PHP 5.4.x < 5.4.3 Multiple Vulnerabilities	Nessus	CGI abuses	5/9/2012	11/22/2024	high
70728	Apache PHP-CGI Remote Code Execution	Nessus	CGI abuses	11/1/2013	4/25/2023	critical
59445	SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8133)	Nessus	SuSE Local Security Checks	6/11/2012	1/19/2021	high
74630	openSUSE Security Update : php5 (openSUSE-2012-288)	Nessus	SuSE Local Security Checks	6/13/2014	3/28/2022	high
59010	Mandriva Linux Security Advisory : php (MDVSA-2012:068-1)	Nessus	Mandriva Local Security Checks	5/7/2012	3/28/2022	high
6494	PHP 5.3.x < 5.3.13 CGI Query String Code Execution	Nessus Network Monitor	Web Servers	6/5/2012	3/6/2019	high
6495	PHP 5.4.x < 5.4.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	6/5/2012	3/6/2019	high
801071	PHP 5.3.x < 5.4.3 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	6/5/2012		high
801100	PHP 5.3.x < 5.3.13 CGI Query String Code Execution	Log Correlation Engine	Web Servers	6/5/2012		high

Detections

Analytics

Plugins Search

critical

high

high

high

high

high

high

critical

high

high

high

high

high

high

high