CVE-2008-3660 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
php	php	4.4.0
php	php	4.4.1
php	php	4.4.2
php	php	4.4.3
php	php	4.4.4
php	php	4.4.5
php	php	4.4.6
php	php	4.4.7
php	php	4.4.8
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php4

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
dapper	ignored

php5

karmic	not-affected
jaunty	not-affected
intrepid	Fixed 5.2.6-2ubuntu4.1 released
hardy	Fixed 5.2.4-2ubuntu5.5 released
gutsy	Fixed 5.2.3-1ubuntu6.5 released
feisty	ignored
dapper	Fixed 5.1.2-1ubuntu3.13 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32746

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securitytracker.com/id?1020994

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44402

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

http://bugs.gentoo.org/show_bug.cgi?id=234102

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/31982

http://secunia.com/advisories/32148

http://secunia.com/advisories/32746

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://security.gentoo.org/glsa/glsa-200811-05.xml

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2008/dsa-1647

http://www.mandriva.com/security/advisories?name=MDVSA-2009:021

http://www.mandriva.com/security/advisories?name=MDVSA-2009:022

http://www.mandriva.com/security/advisories?name=MDVSA-2009:023

http://www.mandriva.com/security/advisories?name=MDVSA-2009:024

http://www.openwall.com/lists/oss-security/2008/08/08/2

http://www.openwall.com/lists/oss-security/2008/08/13/8

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securitytracker.com/id?1020994

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2008/2336

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/44402

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9597

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html