Описание
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory.
Отчет
Red Hat classifies this as a security issue, however it is suggested that a properly secured PHP install should disable the phpinfo() function.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Will not fix | ||
| Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2014:1012 | 06.08.2014 |
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2014:1012 | 06.08.2014 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2014:1013 | 06.08.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS | php55-php | Fixed | RHSA-2014:1766 | 30.10.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS2
Связанные уязвимости
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
Уязвимость функции phpinfo (ext/standard/info.c) интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
2.6 Low
CVSS2