CVE-2008-3660 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Affected Products (NVD)

Vendor	Product	Version
php	php	4.4.0
php	php	4.4.1
php	php	4.4.2
php	php	4.4.3
php	php	4.4.4
php	php	4.4.5
php	php	4.4.6
php	php	4.4.7
php	php	4.4.8
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php4

dapper	ignored
feisty	dne
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	dne

php5

dapper	Fixed 5.1.2-1ubuntu3.13 released
feisty	ignored
gutsy	Fixed 5.2.3-1ubuntu6.5 released
hardy	Fixed 5.2.4-2ubuntu5.5 released
intrepid	Fixed 5.2.6-2ubuntu4.1 released
jaunty	not-affected
karmic	not-affected

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32746

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securitytracker.com/id?1020994

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44402

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32746

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securitytracker.com/id?1020994

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44402

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html