PHP is a popular general-purpose scripting language that is especially suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3 756

CVE-2009-0754
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.

CVE-2003-1303
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.

CVE-2003-0249
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."

CVE-2003-0861
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.

CVE-2003-0863
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.

CVE-2003-0860
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2009-0754 PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. | CVSS2: 2.1 | 0% Low | more than 21 years ago |
CVE-2003-1302 The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. | CVSS2: 5 | 0% Low | more than 21 years ago |
CVE-2003-1303 Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. | CVSS2: 5 | 1% Low | more than 21 years ago |
CVE-2003-0249 PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report." | CVSS2: 7.5 | 1% Low | more than 21 years ago |
CVE-2003-0861 Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. | CVSS2: 10 | 0% Low | more than 21 years ago |
CVE-2003-0863 The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. | CVSS2: 7.5 | 3% Low | more than 21 years ago |
CVE-2003-0860 Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors. | CVSS2: 10 | 0% Low | more than 21 years ago |