PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows re ...
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in ...
CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
BDU:2022-02632
Уязвимость функции openssl_x509_parse модуля OpenSSL интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код в сценарии «человек посередине» (MITM, Man-In-The-Middle)
CVE-2011-4718
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
CVE-2011-4718
Session fixation vulnerability in the Sessions subsystem in PHP before ...
CVE-2011-4718
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2013-1824 The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows re ... | CVSS2: 4.3 | 2% Низкий | больше 12 лет назад |
 | CVE-2013-1824 The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. | CVSS2: 4.3 | 2% Низкий | больше 12 лет назад |
 | CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | CVSS2: 4.3 | 10% Низкий | больше 12 лет назад |
| CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in ... | CVSS2: 4.3 | 10% Низкий | больше 12 лет назад |
| CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | CVSS2: 4.3 | 10% Низкий | больше 12 лет назад |
 | BDU:2022-02632 Уязвимость функции openssl_x509_parse модуля OpenSSL интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код в сценарии «человек посередине» (MITM, Man-In-The-Middle) | CVSS3: 3.7 | 10% Низкий | больше 12 лет назад |
| CVE-2011-4718 Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. | CVSS2: 6.8 | 1% Низкий | больше 12 лет назад |
| CVE-2011-4718 Session fixation vulnerability in the Sessions subsystem in PHP before ... | CVSS2: 6.8 | 1% Низкий | больше 12 лет назад |
| CVE-2011-4718 Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. | CVSS2: 6.8 | 1% Низкий | больше 12 лет назад |
 | CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | CVSS2: 4.3 | 10% Низкий | больше 12 лет назад |
Уязвимостей на страницу