Vulnerability-Lookup

CVE-2008-5498 (GCVE-0-2008-5498)

Vulnerability from cvelistv5 – Published: 2008-12-26 20:00 – Updated: 2024-08-07 10:56

Summary

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://downloads.securityfocus.com/vulnerabilitie…	x_refsource_MISC
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
	http://securitytracker.com/id?1021494	vdb-entryx_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=124654546101607&w=2	vendor-advisoryx_refsource_HP
	http://osvdb.org/51031	vdb-entryx_refsource_OSVDB
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/34642	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.php.net/releases/5_2_9.php	x_refsource_CONFIRM
	http://downloads.securityfocus.com/vulnerabilitie…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2009-03…	vendor-advisoryx_refsource_REDHAT
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://marc.info/?l=bugtraq&m=124654546101607&w=2	vendor-advisoryx_refsource_HP
	http://support.apple.com/kb/HT3865	x_refsource_CONFIRM
	http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2…	x_refsource_CONFIRM
	http://secunia.com/advisories/36701	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35306	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35650	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/33002	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
          },
          {
            "name": "HPSBUX02465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "1021494",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021494"
          },
          {
            "name": "SSRT090085",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "51031",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51031"
          },
          {
            "name": "FEDORA-2009-3768",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
          },
          {
            "name": "php-imagerotate-info-disclosure(47635)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
          },
          {
            "name": "34642",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34642"
          },
          {
            "name": "SSRT090192",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/releases/5_2_9.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
          },
          {
            "name": "MDVSA-2009:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
          },
          {
            "name": "MDVSA-2009:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
          },
          {
            "name": "oval:org.mitre.oval:def:9667",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
          },
          {
            "name": "SUSE-SR:2009:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
          },
          {
            "name": "RHSA-2009:0350",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
          },
          {
            "name": "FEDORA-2009-3848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
          },
          {
            "name": "MDVSA-2009:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
          },
          {
            "name": "HPSBUX02431",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
          },
          {
            "name": "36701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "name": "35306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35306"
          },
          {
            "name": "35650",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35650"
          },
          {
            "name": "33002",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
        },
        {
          "name": "HPSBUX02465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "1021494",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021494"
        },
        {
          "name": "SSRT090085",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
        },
        {
          "name": "51031",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51031"
        },
        {
          "name": "FEDORA-2009-3768",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
        },
        {
          "name": "php-imagerotate-info-disclosure(47635)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
        },
        {
          "name": "34642",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34642"
        },
        {
          "name": "SSRT090192",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "APPLE-SA-2009-09-10-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/releases/5_2_9.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
        },
        {
          "name": "MDVSA-2009:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
        },
        {
          "name": "MDVSA-2009:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
        },
        {
          "name": "oval:org.mitre.oval:def:9667",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
        },
        {
          "name": "SUSE-SR:2009:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
        },
        {
          "name": "RHSA-2009:0350",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
        },
        {
          "name": "FEDORA-2009-3848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
        },
        {
          "name": "MDVSA-2009:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
        },
        {
          "name": "HPSBUX02431",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3865"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
        },
        {
          "name": "36701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36701"
        },
        {
          "name": "35306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35306"
        },
        {
          "name": "35650",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35650"
        },
        {
          "name": "33002",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php",
              "refsource": "MISC",
              "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "1021494",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021494"
            },
            {
              "name": "SSRT090085",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "51031",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51031"
            },
            {
              "name": "FEDORA-2009-3768",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
            },
            {
              "name": "php-imagerotate-info-disclosure(47635)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
            },
            {
              "name": "34642",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34642"
            },
            {
              "name": "SSRT090192",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "APPLE-SA-2009-09-10-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
            },
            {
              "name": "http://www.php.net/releases/5_2_9.php",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/releases/5_2_9.php"
            },
            {
              "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php",
              "refsource": "MISC",
              "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
            },
            {
              "name": "MDVSA-2009:023",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
            },
            {
              "name": "MDVSA-2009:022",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
            },
            {
              "name": "oval:org.mitre.oval:def:9667",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
            },
            {
              "name": "SUSE-SR:2009:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
            },
            {
              "name": "RHSA-2009:0350",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
            },
            {
              "name": "FEDORA-2009-3848",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
            },
            {
              "name": "MDVSA-2009:021",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
            },
            {
              "name": "HPSBUX02431",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT3865",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3865"
            },
            {
              "name": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u",
              "refsource": "CONFIRM",
              "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
            },
            {
              "name": "36701",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36701"
            },
            {
              "name": "35306",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35306"
            },
            {
              "name": "35650",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35650"
            },
            {
              "name": "33002",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5498",
    "datePublished": "2008-12-26T20:00:00.000Z",
    "dateReserved": "2008-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-382

Vulnerability from certfr_avis - Published: 2009-09-11 - Updated: 2009-09-11

De multiples vulnérabilités permettant entre autres l'exécution de code arbitraire à distance ont été corrigées dans MacOS X.

Description

Plusieurs vulnérabilités d'applications contenues dans MacOS X ont été corrigées. MacOS X 10.6 n'est concerné que par les failles affectant le plugin Flash Player. Les vulnérabilités permettent notamment l'exécution de code arbitraire à distance, l'élévation de privilèges et l'injection de code indirecte.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	MacOS X Server 10.4.x (Universal) ;
Apple	macOS	MacOS X 10.5.8 ;
Apple	macOS	MacOS X 10.4.11 ;
Apple	macOS	MacOS X 10.6.
Apple	macOS	MacOS X Server 10.5 ;
Apple	macOS	MacOS X Server 10.4.x (PowerPC) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3865 du 10 septembre 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3864 du 11 septembre 2009	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MacOS X Server 10.4.x (Universal) ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.5.8 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.4.11 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X Server 10.4.x (PowerPC) ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s d\u0027applications contenues dans MacOS X ont \u00e9t\u00e9\ncorrig\u00e9es. MacOS X 10.6 n\u0027est concern\u00e9 que par les failles affectant le\nplugin Flash Player. Les vuln\u00e9rabilit\u00e9s permettent notamment l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance, l\u0027\u00e9l\u00e9vation de privil\u00e8ges et l\u0027injection\nde code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1864"
    },
    {
      "name": "CVE-2009-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2804"
    },
    {
      "name": "CVE-2009-1867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1867"
    },
    {
      "name": "CVE-2009-2813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2813"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2805"
    },
    {
      "name": "CVE-2009-0949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0949"
    },
    {
      "name": "CVE-2009-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2800"
    },
    {
      "name": "CVE-2009-1866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1866"
    },
    {
      "name": "CVE-2009-2468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2468"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2009-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1865"
    },
    {
      "name": "CVE-2009-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1868"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    },
    {
      "name": "CVE-2009-1372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1372"
    },
    {
      "name": "CVE-2009-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2811"
    },
    {
      "name": "CVE-2009-2809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2809"
    },
    {
      "name": "CVE-2009-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1870"
    },
    {
      "name": "CVE-2009-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1862"
    },
    {
      "name": "CVE-2009-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2812"
    },
    {
      "name": "CVE-2009-1272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1272"
    },
    {
      "name": "CVE-2009-1241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1241"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1371"
    },
    {
      "name": "CVE-2008-6680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6680"
    },
    {
      "name": "CVE-2009-1270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1270"
    },
    {
      "name": "CVE-2009-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
    },
    {
      "name": "CVE-2009-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2807"
    },
    {
      "name": "CVE-2009-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2814"
    },
    {
      "name": "CVE-2009-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1863"
    },
    {
      "name": "CVE-2009-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1869"
    },
    {
      "name": "CVE-2009-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2803"
    }
  ],
  "initial_release_date": "2009-09-11T00:00:00",
  "last_revision_date": "2009-09-11T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-382",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eMacOS\nX\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3865 du 10 septembre 2009",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3864 du 11 septembre 2009",
      "url": "http://support.apple.com/kb/HT3864"
    }
  ]
}

CERTA-2009-AVI-257

Vulnerability from certfr_avis - Published: 2009-06-30 - Updated: 2009-06-30

Plusieurs vulnérabilités de HP-UX Apache Web Server Suite permettent de réaliser un déni de service à distance et d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités liées au langage PHP, au serveur Web Apache et aux moteurs de servlet basés sur celui de Tomcat permettent à un individu distant de réaliser un déni de service ou d'exécuter du code arbitraire. Ces vulnérabilités ont été décrites dans les avis précédents du CERTA.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	N/A	Apache Web Server Suite versions antérieures à v3.05 (HP-UX 11iv2 et 11iv3) ;
	Apache	N/A	Apache Web Server Suite versions antérieures à v2.25 (HP-UX 11iv1).

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01756421 du 29 juin 2009	None	vendor-advisory
Avis CERTA-2008-AVI-417 du 08 août 2008 :	-	other
Avis CERTA-2008-AVI-225 du 02 mai 2008 :	-	other
Avis CERTA-2008-AVI-011 du 09 janvier 2008 :	-	other
Avis CERTA-2009-AVI-083 du 03 mars 2009 :	-	other
Avis CERTA-2007-AVI-339 du 08 novembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v3.05 (HP-UX 11iv2 et 11iv3) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v2.25 (HP-UX 11iv1).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s li\u00e9es au langage PHP, au serveur Web Apache\net aux moteurs de servlet bas\u00e9s sur celui de Tomcat permettent \u00e0 un\nindividu distant de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire. Ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9crites dans les avis pr\u00e9c\u00e9dents\ndu CERTA.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2008-5625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5625"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-2168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2168"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3959"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2008-5624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5624"
    },
    {
      "name": "CVE-2008-5658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    }
  ],
  "initial_release_date": "2009-06-30T00:00:00",
  "last_revision_date": "2009-06-30T00:00:00",
  "links": [
    {
      "title": "Avis CERTA-2008-AVI-417 du 08 ao\u00fbt 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-417"
    },
    {
      "title": "Avis CERTA-2008-AVI-225 du 02 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-225"
    },
    {
      "title": "Avis CERTA-2008-AVI-011 du 09 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-011"
    },
    {
      "title": "Avis CERTA-2009-AVI-083 du 03 mars 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-083"
    },
    {
      "title": "Avis CERTA-2007-AVI-339 du 08 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-339"
    }
  ],
  "reference": "CERTA-2009-AVI-257",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eHP-UX Apache Web Server\nSuite\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance et\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9 de HP-UX Apache Web Server Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01756421 du 29 juin 2009",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01756421"
    }
  ]
}

CERTA-2009-AVI-083

Vulnerability from certfr_avis - Published: 2009-03-03 - Updated: 2009-03-03

Plusieurs vulnérabilités sont présentes dans PHP, permettant à un utilisateur malveillant de réaliser un déni de service et de porter atteinte à la confidentialité des données.

Description

Plusieurs vulnérabilités sont présentes dans PHP :

un défaut dans la décompression des archives zip permet à un utilisateur malveillant de provoquer un arrêt inopiné du serveur ;
une erreur de traitement des chaînes malformées transmises à la fonction json_decode() permet à un utilisateur malveillant de provoquer une erreur de segmentation ;
un problème dans la fonction explode() permet à un utilisateur malveillant de provoquer un déni de service ;
une erreur d'index de tableau dans la fonction imageRotate() est exploitable par un utilisateur malveillant pour lire toute la mémoire.

Solution

La version PHP 5.2.9 remédie à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

PHP 5.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de la version PHP 5.2.9 du 26 février 2008	None	vendor-advisory
Bulletin Mandriva MDVSA-2009:023 du 21 janvier 2009 :	-	other
Bulletin Mandriva MDVSA-2009:021 du 21 janvier 2009 :	-	other
Bulletin Mandriva MDVSA-2009:022 du 21 janvier 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ePHP 5.x.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans PHP\u00a0:\n\n-   un d\u00e9faut dans la d\u00e9compression des archives zip permet \u00e0 un\n    utilisateur malveillant de provoquer un arr\u00eat inopin\u00e9 du serveur\u00a0;\n-   une erreur de traitement des cha\u00eenes malform\u00e9es transmises \u00e0 la\n    fonction json_decode() permet \u00e0 un utilisateur malveillant de\n    provoquer une erreur de segmentation\u00a0;\n-   un probl\u00e8me dans la fonction explode() permet \u00e0 un utilisateur\n    malveillant de provoquer un d\u00e9ni de service\u00a0;\n-   une erreur d\u0027index de tableau dans la fonction imageRotate() est\n    exploitable par un utilisateur malveillant pour lire toute la\n    m\u00e9moire.\n\n## Solution\n\nLa version PHP 5.2.9 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3659"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    }
  ],
  "initial_release_date": "2009-03-03T00:00:00",
  "last_revision_date": "2009-03-03T00:00:00",
  "links": [
    {
      "title": "Bulletin Mandriva MDVSA-2009:023 du 21 janvier 2009 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
    },
    {
      "title": "Bulletin Mandriva MDVSA-2009:021 du 21 janvier 2009 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
    },
    {
      "title": "Bulletin Mandriva MDVSA-2009:022 du 21 janvier 2009 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
    }
  ],
  "reference": "CERTA-2009-AVI-083",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans PHP, permettant \u00e0 un\nutilisateur malveillant de r\u00e9aliser un d\u00e9ni de service et de porter\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de la version PHP 5.2.9 du 26 f\u00e9vrier 2008",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.9"
    }
  ]
}

FKIE_CVE-2008-5498

Vulnerability from fkie_nvd - Published: 2008-12-26 20:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
cve@mitre.org	http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php	Exploit
cve@mitre.org	http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php	Exploit
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=124654546101607&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=125631037611762&w=2
cve@mitre.org	http://osvdb.org/51031
cve@mitre.org	http://secunia.com/advisories/34642
cve@mitre.org	http://secunia.com/advisories/35306
cve@mitre.org	http://secunia.com/advisories/35650
cve@mitre.org	http://secunia.com/advisories/36701
cve@mitre.org	http://securitytracker.com/id?1021494
cve@mitre.org	http://support.apple.com/kb/HT3865
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
cve@mitre.org	http://www.php.net/releases/5_2_9.php
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2009-0350.html
cve@mitre.org	http://www.securityfocus.com/bid/33002
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
af854a3a-2127-422b-91ae-364da2661108	http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361&diff_format=u
af854a3a-2127-422b-91ae-364da2661108	http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=124654546101607&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=125631037611762&w=2
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/51031
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34642
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35306
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35650
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36701
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021494
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3865
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:021
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:022
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:023
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/releases/5_2_9.php
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0350.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33002
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47635
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

Impacted products

Vendor	Product	Version
php	php	*
php	php	5
php	php	5.0
php	php	5.0
php	php	5.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6
php	php	5.2.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9FA6BB1-8F1F-423A-8353-054F5B3B7DBB",
              "versionEndIncluding": "5.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7EED44-A15E-451F-BF5B-DB0BECA73C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3797AB5-9E49-4251-A212-B6E5D9996764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image."
    },
    {
      "lang": "es",
      "value": "Error de \u00edndice de array en la funci\u00f3n imageRotate en PHP 5.2.8 y anteriores permite a atacantes dependientes del contexto leer los contenidos de posiciones de memoria de su elecci\u00f3n mediante un valor manipulado del tercer argumento (tambi\u00e9n conocido como el argumento bgd_color o clrBack) para una imagen indexada."
    }
  ],
  "id": "CVE-2008-5498",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-26T20:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/51031"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35306"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35650"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021494"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/releases/5_2_9.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33002"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/51031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/releases/5_2_9.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8C7C-9PP7-6933

Vulnerability from github – Published: 2022-05-14 02:17 – Updated: 2022-05-14 02:17

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-5498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-26T20:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
  "id": "GHSA-8c7c-9pp7-6933",
  "modified": "2022-05-14T02:17:27Z",
  "published": "2022-05-14T02:17:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
    },
    {
      "type": "WEB",
      "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
    },
    {
      "type": "WEB",
      "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
    },
    {
      "type": "WEB",
      "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/51031"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35306"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35650"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021494"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/releases/5_2_9.php"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-5498

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-5498

Aliases

CVE-2008-5498

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-5498",
    "description": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
    "id": "GSD-2008-5498",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-5498.html",
      "https://access.redhat.com/errata/RHSA-2009:0350",
      "https://access.redhat.com/errata/RHSA-2009:0338",
      "https://access.redhat.com/errata/RHSA-2009:0337",
      "https://linux.oracle.com/cve/CVE-2008-5498.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-5498"
      ],
      "details": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
      "id": "GSD-2008-5498",
      "modified": "2023-12-13T01:23:04.586814Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-5498",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php",
            "refsource": "MISC",
            "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
          },
          {
            "name": "HPSBUX02465",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "1021494",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021494"
          },
          {
            "name": "SSRT090085",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "51031",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/51031"
          },
          {
            "name": "FEDORA-2009-3768",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
          },
          {
            "name": "php-imagerotate-info-disclosure(47635)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
          },
          {
            "name": "34642",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34642"
          },
          {
            "name": "SSRT090192",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "http://www.php.net/releases/5_2_9.php",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/releases/5_2_9.php"
          },
          {
            "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php",
            "refsource": "MISC",
            "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
          },
          {
            "name": "MDVSA-2009:023",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
          },
          {
            "name": "MDVSA-2009:022",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
          },
          {
            "name": "oval:org.mitre.oval:def:9667",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
          },
          {
            "name": "SUSE-SR:2009:008",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
          },
          {
            "name": "RHSA-2009:0350",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
          },
          {
            "name": "FEDORA-2009-3848",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
          },
          {
            "name": "MDVSA-2009:021",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
          },
          {
            "name": "HPSBUX02431",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "http://support.apple.com/kb/HT3865",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "name": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u",
            "refsource": "CONFIRM",
            "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
          },
          {
            "name": "36701",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "name": "35306",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35306"
          },
          {
            "name": "35650",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35650"
          },
          {
            "name": "33002",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33002"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5498"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002.php"
            },
            {
              "name": "1021494",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021494"
            },
            {
              "name": "33002",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33002"
            },
            {
              "name": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360\u0026r2=1.2027.2.547.2.1361\u0026diff_format=u"
            },
            {
              "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/33002-2.php"
            },
            {
              "name": "51031",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/51031"
            },
            {
              "name": "MDVSA-2009:021",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021"
            },
            {
              "name": "MDVSA-2009:023",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
            },
            {
              "name": "MDVSA-2009:022",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
            },
            {
              "name": "http://www.php.net/releases/5_2_9.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/releases/5_2_9.php"
            },
            {
              "name": "SUSE-SR:2009:008",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
            },
            {
              "name": "34642",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34642"
            },
            {
              "name": "RHSA-2009:0350",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
            },
            {
              "name": "FEDORA-2009-3848",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
            },
            {
              "name": "35306",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35306"
            },
            {
              "name": "FEDORA-2009-3768",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
            },
            {
              "name": "SSRT090085",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "35650",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35650"
            },
            {
              "name": "APPLE-SA-2009-09-10-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3865",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3865"
            },
            {
              "name": "36701",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36701"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "php-imagerotate-info-disclosure(47635)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47635"
            },
            {
              "name": "oval:org.mitre.oval:def:9667",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9667"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2008-12-26T20:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-5498 (GCVE-0-2008-5498)

CERTA-2009-AVI-382

Description

Solution

CERTA-2009-AVI-257

Description

Solution

CERTA-2009-AVI-083

Description

Solution

FKIE_CVE-2008-5498

GHSA-8C7C-9PP7-6933

GSD-2008-5498

Tags

Sightings

Nomenclature