PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
http://openwall.com/lists/oss-security/2012/01/13/10
http://openwall.com/lists/oss-security/2012/01/13/4
http://openwall.com/lists/oss-security/2012/01/13/5
http://openwall.com/lists/oss-security/2012/01/13/6
http://openwall.com/lists/oss-security/2012/01/13/7
http://openwall.com/lists/oss-security/2012/01/14/1
http://openwall.com/lists/oss-security/2012/01/14/2
http://openwall.com/lists/oss-security/2012/01/14/3
http://openwall.com/lists/oss-security/2012/01/15/1
http://openwall.com/lists/oss-security/2012/01/15/10
http://openwall.com/lists/oss-security/2012/01/15/2
http://openwall.com/lists/oss-security/2012/01/18/3
http://php.net/ChangeLog-5.php#5.3.9
http://secunia.com/advisories/48668
http://www.debian.org/security/2012/dsa-2399
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.8 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
74580 | openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1) | Nessus | SuSE Local Security Checks | high |
68571 | Oracle Linux 5 : php53 (ELSA-2012-1047) | Nessus | Oracle Linux Local Security Checks | high |
68570 | Oracle Linux 6 : php (ELSA-2012-1046) | Nessus | Oracle Linux Local Security Checks | high |
68569 | Oracle Linux 5 : php (ELSA-2012-1045) | Nessus | Oracle Linux Local Security Checks | medium |
67089 | CentOS 5 : php53 (CESA-2012:1047) | Nessus | CentOS Local Security Checks | high |
62236 | GLSA-201209-03 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
61358 | Scientific Linux Security Update : php on SL6.x i386/x86_64 (20120627) | Nessus | Scientific Linux Local Security Checks | high |
61357 | Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120627) | Nessus | Scientific Linux Local Security Checks | medium |
61356 | Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627) | Nessus | Scientific Linux Local Security Checks | high |
59938 | CentOS 6 : php (CESA-2012:1046) | Nessus | CentOS Local Security Checks | high |
59851 | HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | Nessus | Web Servers | critical |
59753 | RHEL 5 : php53 (RHSA-2012:1047) | Nessus | Red Hat Local Security Checks | high |
59752 | RHEL 6 : php (RHSA-2012:1046) | Nessus | Red Hat Local Security Checks | high |
59751 | RHEL 5 : php (RHSA-2012:1045) | Nessus | Red Hat Local Security Checks | medium |
59738 | CentOS 5 : php (CESA-2012:1045) | Nessus | CentOS Local Security Checks | medium |
58740 | SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964) | Nessus | SuSE Local Security Checks | high |
58615 | SuSE 11.2 Security Update : PHP5 (SAT Patch Number 5958) | Nessus | SuSE Local Security Checks | medium |
58480 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009) | Nessus | SuSE Local Security Checks | high |
57932 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 regression (USN-1358-2) | Nessus | Ubuntu Local Security Checks | high |
57888 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1) | Nessus | Ubuntu Local Security Checks | high |
57753 | Debian DSA-2399-2 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
801116 | PHP < 5.3.9 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
6263 | PHP < 5.3.9 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
57537 | PHP < 5.3.9 Multiple Vulnerabilities | Nessus | CGI abuses | high |