HIGH
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00022.html
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://secunia.com/advisories/55078
http://support.apple.com/kb/HT5501
http://www.debian.org/security/2012/dsa-2527
http://www.mandriva.com/security/advisories?name=MDVSA-2012:108
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/54638
http://www.securitytracker.com/id?1027287
http://www.ubuntu.com/usn/USN-1569-1
Source: MITRE
Published: 2012-07-20
Updated: 2017-12-22
Type: NVD-CWE-noinfo
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
OR
cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.14 (inclusive)
cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 80736 | Oracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors) | Nessus | Solaris Local Security Checks | critical |
| 79149 | CentOS 5 : php53 (CESA-2013:1307) | Nessus | CentOS Local Security Checks | critical |
| 74709 | openSUSE Security Update : php5 (openSUSE-SU-2012:0976-1) | Nessus | SuSE Local Security Checks | critical |
| 71373 | Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | critical |
| 71367 | Oracle Linux 5 : php (ELSA-2013-1814) | Nessus | Oracle Linux Local Security Checks | critical |
| 71356 | CentOS 5 : php (CESA-2013:1814) | Nessus | CentOS Local Security Checks | critical |
| 71337 | RHEL 5 : php (RHSA-2013:1814) | Nessus | Red Hat Local Security Checks | critical |
| 70389 | Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930) | Nessus | Scientific Linux Local Security Checks | critical |
| 70284 | Oracle Linux 5 : php53 (ELSA-2013-1307) | Nessus | Oracle Linux Local Security Checks | critical |
| 70244 | RHEL 5 : php53 (RHSA-2013:1307) | Nessus | Red Hat Local Security Checks | critical |
| 69606 | Amazon Linux AMI : php (ALAS-2012-116) | Nessus | Amazon Linux Local Security Checks | critical |
| 68751 | Oracle Linux 6 : php (ELSA-2013-0514) | Nessus | Oracle Linux Local Security Checks | critical |
| 65146 | CentOS 6 : php (CESA-2013:0514) | Nessus | CentOS Local Security Checks | critical |
| 64957 | Scientific Linux Security Update : php on SL6.x i386/x86_64 (20130221) | Nessus | Scientific Linux Local Security Checks | critical |
| 64762 | RHEL 6 : php (RHSA-2013:0514) | Nessus | Red Hat Local Security Checks | critical |
| 64106 | SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634) | Nessus | SuSE Local Security Checks | critical |
| 64105 | SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6634) | Nessus | SuSE Local Security Checks | critical |
| 64101 | SuSE 11.1 Security Update : php5 (SAT Patch Number 6627) | Nessus | SuSE Local Security Checks | critical |
| 62236 | GLSA-201209-03 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 6584 | Mac OS X 10.8 < 10.8.2 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 6583 | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 62215 | Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 62214 | Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 62213 | Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 62178 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1569-1) | Nessus | Ubuntu Local Security Checks | critical |
| 61961 | Mandriva Linux Security Advisory : php (MDVSA-2012:108) | Nessus | Mandriva Local Security Checks | critical |
| 801075 | PHP 5.3.x < 5.3.15 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 6556 | PHP 5.3.x < 5.3.15 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
| 61658 | SuSE 10 Security Update : php5 (ZYPP Patch Number 8239) | Nessus | SuSE Local Security Checks | critical |
| 61520 | Debian DSA-2527-1 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 801079 | PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow | Log Correlation Engine | Web Servers | high |
| 6530 | PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow | Nessus Network Monitor | Web Servers | critical |
| 60102 | FreeBSD : php -- potential overflow in _php_stream_scandir (bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89) | Nessus | FreeBSD Local Security Checks | critical |
| 60087 | Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2012-204-01) | Nessus | Slackware Local Security Checks | critical |
| 60086 | PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow | Nessus | CGI abuses | critical |
| 60085 | PHP 5.3.x < 5.3.15 Multiple Vulnerabilities | Nessus | CGI abuses | critical |