CVE-2014-4721

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.

References

http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://secunia.com/advisories/54553

http://secunia.com/advisories/59794

http://secunia.com/advisories/59831

http://twitter.com/mikispag/statuses/485713462258302976

http://www.debian.org/security/2014/dsa-2974

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.php.net/ChangeLog-5.php

http://www-01.ibm.com/support/docview.wss?uid=swg21683486

https://bugs.php.net/bug.php?id=67498

https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html

Details

Source: MITRE

Published: 2014-07-06

Updated: 2017-01-07

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.29 (inclusive)

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
124996EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1543)NessusHuawei Local Security Checks
high
93161SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)NessusSuSE Local Security Checks
critical
86109F5 Networks BIG-IP : PHP vulnerability (SOL17313)NessusF5 Networks Local Security Checks
low
82333Mandriva Linux Security Advisory : php (MDVSA-2015:080)NessusMandriva Local Security Checks
high
82165Debian DLA-18-1 : php5 security updateNessusDebian Local Security Checks
high
78556PHP 5.6.0 Multiple VulnerabilitiesNessusCGI abuses
high
77285PHP 5.3.x < 5.3.29 Multiple VulnerabilitiesNessusCGI abuses
high
77047Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140806)NessusScientific Linux Local Security Checks
high
77044Oracle Linux 7 : php (ELSA-2014-1013)NessusOracle Linux Local Security Checks
high
77043Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1012)NessusOracle Linux Local Security Checks
high
77033CentOS 7 : php (CESA-2014:1013)NessusCentOS Local Security Checks
high
77032CentOS 5 / 6 : php / php53 (CESA-2014:1012)NessusCentOS Local Security Checks
high
77016RHEL 7 : php (RHSA-2014:1013)NessusRed Hat Local Security Checks
high
77015RHEL 5 / 6 : php53 and php (RHSA-2014:1012)NessusRed Hat Local Security Checks
high
76957openSUSE Security Update : php5 (openSUSE-2014-471)NessusSuSE Local Security Checks
medium
76932openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)NessusSuSE Local Security Checks
medium
76929openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)NessusSuSE Local Security Checks
medium
76909SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)NessusSuSE Local Security Checks
high
76451Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : php5 vulnerabilities (USN-2276-1)NessusUbuntu Local Security Checks
high
76438Mandriva Linux Security Advisory : php (MDVSA-2014:130)NessusMandriva Local Security Checks
high
76418Debian DSA-2974-1 : php5 - security updateNessusDebian Local Security Checks
high
8320PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
critical
76282PHP 5.5.x < 5.5.14 Multiple VulnerabilitiesNessusCGI abuses
high
76281PHP 5.4.x < 5.4.30 Multiple VulnerabilitiesNessusCGI abuses
high