CVE-2013-6420

HIGH

Details

Source: MITRE

Published: 2013-12-17

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.9.1 (inclusive)

Configuration 4

OR

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.27 (inclusive)

Configuration 5

OR

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
124998EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545)NessusHuawei Local Security Checks
critical
102079Juniper Junos PHP multiple vulnerabilities (JSA10804)NessusJunos Local Security Checks
high
83607SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1)NessusSuSE Local Security Checks
high
80737Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)NessusSolaris Local Security Checks
high
78987RHEL 5 : php53 (RHSA-2013:1825)NessusRed Hat Local Security Checks
high
78986RHEL 5 / 6 : php (RHSA-2013:1824)NessusRed Hat Local Security Checks
high
78090HP System Management Homepage < 7.4 Multiple VulnerabilitiesNessusWeb Servers
high
77455GLSA-201408-11 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
74876openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1)NessusSuSE Local Security Checks
high
8138Mac OS X < 10.9.2 Multiple Vulnerabilities Nessus Network MonitorWeb Clients
critical
72688Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)NessusMacOS X Local Security Checks
critical
72687Mac OS X 10.9.x < 10.9.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
72082Mandriva Linux Security Advisory : php (MDVSA-2014:014)NessusMandriva Local Security Checks
high
71965SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684)NessusSuSE Local Security Checks
high
71964SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710)NessusSuSE Local Security Checks
high
71931Slackware 14.0 / 14.1 / current : php (SSA:2014-013-03)NessusSlackware Local Security Checks
high
71576Amazon Linux AMI : php55 (ALAS-2013-264)NessusAmazon Linux Local Security Checks
high
71575Amazon Linux AMI : php54 (ALAS-2013-263)NessusAmazon Linux Local Security Checks
high
71574Amazon Linux AMI : php (ALAS-2013-262)NessusAmazon Linux Local Security Checks
high
71552Fedora 18 : php-5.4.23-1.fc18 (2013-23215)NessusFedora Local Security Checks
high
71549Fedora 20 : php-5.5.7-1.fc20 (2013-23164)NessusFedora Local Security Checks
high
71451FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771)NessusFreeBSD Local Security Checks
high
71428PHP 5.5.x < 5.5.7 OpenSSL openssl_x509_parse() Memory CorruptionNessusCGI abuses
high
71427PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory CorruptionNessusCGI abuses
high
71426PHP 5.3.x < 5.3.28 Multiple OpenSSL VulnerabilitiesNessusCGI abuses
high
71402Debian DSA-2816-1 : php5 - several vulnerabilitiesNessusDebian Local Security Checks
high
71394Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1)NessusUbuntu Local Security Checks
high
71386Fedora 19 : php-5.5.7-1.fc19 (2013-23208)NessusFedora Local Security Checks
high
71373Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211)NessusScientific Linux Local Security Checks
critical
71372Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211)NessusScientific Linux Local Security Checks
high
71367Oracle Linux 5 : php (ELSA-2013-1814)NessusOracle Linux Local Security Checks
critical
71356CentOS 5 : php (CESA-2013:1814)NessusCentOS Local Security Checks
critical
71355CentOS 5 / 6 : php / php53 (CESA-2013:1813)NessusCentOS Local Security Checks
high
71337RHEL 5 : php (RHSA-2013:1814)NessusRed Hat Local Security Checks
critical
71336RHEL 5 / 6 : php53 and php (RHSA-2013:1813)NessusRed Hat Local Security Checks
high
71334Oracle Linux 5 / 6 : php / php53 (ELSA-2013-1813)NessusOracle Linux Local Security Checks
high