The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!
http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html
http://rhn.redhat.com/errata/RHSA-2013-1813.html
http://rhn.redhat.com/errata/RHSA-2013-1815.html
http://rhn.redhat.com/errata/RHSA-2013-1824.html
http://rhn.redhat.com/errata/RHSA-2013-1825.html
http://rhn.redhat.com/errata/RHSA-2013-1826.html
http://secunia.com/advisories/59652
http://support.apple.com/kb/HT6150
http://www.debian.org/security/2013/dsa-2816
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/64225
http://www.securitytracker.com/id/1029472
http://www.ubuntu.com/usn/USN-2055-1
https://bugzilla.redhat.com/show_bug.cgi?id=1036830
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322
OR
cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*
OR
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
OR
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.9.1 (inclusive)
OR
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.27 (inclusive)
OR
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
124998 | EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545) | Nessus | Huawei Local Security Checks | critical |
102079 | Juniper Junos PHP multiple vulnerabilities (JSA10804) | Nessus | Junos Local Security Checks | high |
83607 | SUSE SLES11 Security Update : PHP5 (SUSE-SU-2014:0064-1) | Nessus | SuSE Local Security Checks | high |
80737 | Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation) | Nessus | Solaris Local Security Checks | high |
78987 | RHEL 5 : php53 (RHSA-2013:1825) | Nessus | Red Hat Local Security Checks | high |
78986 | RHEL 5 / 6 : php (RHSA-2013:1824) | Nessus | Red Hat Local Security Checks | high |
78090 | HP System Management Homepage < 7.4 Multiple Vulnerabilities | Nessus | Web Servers | high |
77455 | GLSA-201408-11 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
74876 | openSUSE Security Update : php5 (openSUSE-SU-2013:1963-1) | Nessus | SuSE Local Security Checks | high |
8138 | Mac OS X < 10.9.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
72688 | Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
72687 | Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
72082 | Mandriva Linux Security Advisory : php (MDVSA-2014:014) | Nessus | Mandriva Local Security Checks | high |
71965 | SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8683 / 8684) | Nessus | SuSE Local Security Checks | high |
71964 | SuSE 11.2 Security Update : PHP5 (SAT Patch Number 8710) | Nessus | SuSE Local Security Checks | high |
71931 | Slackware 14.0 / 14.1 / current : php (SSA:2014-013-03) | Nessus | Slackware Local Security Checks | high |
71576 | Amazon Linux AMI : php55 (ALAS-2013-264) | Nessus | Amazon Linux Local Security Checks | high |
71575 | Amazon Linux AMI : php54 (ALAS-2013-263) | Nessus | Amazon Linux Local Security Checks | high |
71574 | Amazon Linux AMI : php (ALAS-2013-262) | Nessus | Amazon Linux Local Security Checks | high |
71552 | Fedora 18 : php-5.4.23-1.fc18 (2013-23215) | Nessus | Fedora Local Security Checks | high |
71549 | Fedora 20 : php-5.5.7-1.fc20 (2013-23164) | Nessus | Fedora Local Security Checks | high |
71451 | FreeBSD : PHP5 -- memory corruption in openssl_x509_parse() (47b4e713-6513-11e3-868f-0025905a4771) | Nessus | FreeBSD Local Security Checks | high |
71428 | PHP 5.5.x < 5.5.7 OpenSSL openssl_x509_parse() Memory Corruption | Nessus | CGI abuses | high |
71427 | PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption | Nessus | CGI abuses | high |
71426 | PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities | Nessus | CGI abuses | high |
71402 | Debian DSA-2816-1 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
71394 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : php5 vulnerabilities (USN-2055-1) | Nessus | Ubuntu Local Security Checks | high |
71386 | Fedora 19 : php-5.5.7-1.fc19 (2013-23208) | Nessus | Fedora Local Security Checks | high |
71373 | Scientific Linux Security Update : php on SL5.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | critical |
71372 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | high |
71367 | Oracle Linux 5 : php (ELSA-2013-1814) | Nessus | Oracle Linux Local Security Checks | critical |
71356 | CentOS 5 : php (CESA-2013:1814) | Nessus | CentOS Local Security Checks | critical |
71355 | CentOS 5 / 6 : php / php53 (CESA-2013:1813) | Nessus | CentOS Local Security Checks | high |
71337 | RHEL 5 : php (RHSA-2013:1814) | Nessus | Red Hat Local Security Checks | critical |
71336 | RHEL 5 / 6 : php53 and php (RHSA-2013:1813) | Nessus | Red Hat Local Security Checks | high |
71334 | Oracle Linux 5 / 6 : php / php53 (ELSA-2013-1813) | Nessus | Oracle Linux Local Security Checks | high |