CVE-2008-5557 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
php	php	4.3.0
php	php	4.3.1
php	php	4.3.2
php	php	4.3.3
php	php	4.3.4
php	php	4.3.5
php	php	4.3.6
php	php	4.3.7
php	php	4.3.8
php	php	4.3.9
php	php	4.3.10
php	php	4.3.11
php	php	4.4.0
php	php	4.4.1
php	php	4.4.2
php	php	4.4.3
php	php	4.4.4
php	php	4.4.5
php	php	4.4.6
php	php	4.4.7
php	php	4.4.8
php	php	4.4.9
php	php	5.0.0
php	php	5.0.0:beta1
php	php	5.0.0:beta2
php	php	5.0.0:beta3
php	php	5.0.0:beta4
php	php	5.0.0:rc1
php	php	5.0.0:rc2
php	php	5.0.0:rc3
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5
php	php	5.2.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php4

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
dapper	ignored

php5

karmic	not-affected
jaunty	not-affected
intrepid	Fixed 5.2.6-2ubuntu4.1 released
hardy	Fixed 5.2.4-2ubuntu5.5 released
gutsy	Fixed 5.2.3-1ubuntu6.5 released
dapper	Fixed 5.1.2-1ubuntu3.13 released

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html

http://bugs.php.net/bug.php?id=45722

http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/34642

http://secunia.com/advisories/35003

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://securitytracker.com/id?1021482

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2009/dsa-1789

http://www.mandriva.com/security/advisories?name=MDVSA-2009:045

http://www.php.net/ChangeLog-5.php#5.2.7

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securityfocus.com/bid/32948

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/47525

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html

http://bugs.php.net/bug.php?id=45722

http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?r1=1.7&r2=1.8

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/34642

http://secunia.com/advisories/35003

http://secunia.com/advisories/35074

http://secunia.com/advisories/35306

http://secunia.com/advisories/35650

http://securitytracker.com/id?1021482

http://support.apple.com/kb/HT3549

http://wiki.rpath.com/Advisories:rPSA-2009-0035

http://www.debian.org/security/2009/dsa-1789

http://www.mandriva.com/security/advisories?name=MDVSA-2009:045

http://www.php.net/ChangeLog-5.php#5.2.7

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securityfocus.com/archive/1/501376/100/0/threaded

http://www.securityfocus.com/bid/32948

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/47525

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10286

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html