CVE-2009-3557

Related Files

HP Security Bulletin HPSBUX02543 SSRT100152

Posted Jun 19, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) gain unauthorized access, and perform cross site scripting (XSS).

tags | advisory, denial of service, php, vulnerability, xss

systems | hpux

advisories | CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3557, CVE-2009-4017, CVE-2009-4018, CVE-2009-4142, CVE-2009-4143

SHA-256 | c1954c41fb731ee70c50740ef529fcd3936287138bfd2ad9872394c9aa5a8553

Download | Favorite | View

Mandriva Linux Security Advisory 2009-324

Posted Dec 7, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, php, vulnerability

systems | linux, mandriva

advisories | CVE-2008-7068, CVE-2009-1271, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3546, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018

SHA-256 | e3afdb1902dc3655ca41902b102924f73c6a2af7992eeefb617e4d6c17506ffa

Download | Favorite | View

Mandriva Linux Security Advisory 2009-303

Posted Nov 30, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-303 - Some vulnerabilities were discovered and corrected in php-5.2.11.

tags | advisory, php, vulnerability

systems | linux, mandriva

advisories | CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018

SHA-256 | 844464288de02b7df255dd47353061c269f2ec0291cd09a19dade3c22d33c267

Download | Favorite | View

Ubuntu Security Notice 862-1

Posted Nov 27, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.

tags | advisory, remote, denial of service, php

systems | linux, osx, ubuntu

advisories | CVE-2008-7068, CVE-2009-3291, CVE-2009-3292, CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4018

SHA-256 | 4f878a13f8d4ca2752e08bf4d244d21c1e5497b18bc52847b8aad57c52a0fa41

Download | Favorite | View

Mandriva Linux Security Advisory 2009-302

Posted Nov 23, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-302 - Some vulnerabilities were discovered and corrected in php-5.3.1.

tags | advisory, php, vulnerability

systems | linux, mandriva

advisories | CVE-2009-3292, CVE-2009-3557, CVE-2009-3558, CVE-2009-3559

SHA-256 | a0ce7da0ac8e1b13fe4bfd3054d144216d266c1034944be910714f24fb8b1173

Download | Favorite | View