PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 866
BDU:2022-02619
Уязвимость интерпретатора языка программирования PHP, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...
CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
CVE-2011-4718
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
CVE-2011-1398
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.
CVE-2011-4078
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ...
CVE-2011-3379
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2022-02619 Уязвимость интерпретатора языка программирования PHP, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 3.7 | 89% Высокий | больше 13 лет назад |
 | CVE-2011-4885 PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | CVSS2: 5 | 89% Высокий | больше 13 лет назад |
 | CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. | CVSS2: 6.4 | 47% Средний | почти 14 лет назад |
| CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the ... | CVSS2: 6.4 | 47% Средний | почти 14 лет назад |
 | CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. | CVSS2: 6.4 | 47% Средний | почти 14 лет назад |
| CVE-2011-4718 Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. | CVSS2: 5.8 | 1% Низкий | почти 14 лет назад |
| CVE-2011-1398 The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. | CVSS2: 4.3 | 9% Низкий | почти 14 лет назад |
| CVE-2011-4078 include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. | CVSS2: 5 | 1% Низкий | почти 14 лет назад |
| CVE-2011-4078 include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ... | CVSS2: 5 | 1% Низкий | почти 14 лет назад |
| CVE-2011-3379 The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. | CVSS2: 7.5 | 1% Низкий | почти 14 лет назад |
Уязвимостей на страницу