4.3

CVE-2013-4248

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 Update- Editionlts
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
PhpPhp Version <= 5.4.17
PhpPhp Version5.0.0
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
PhpPhp Version5.2.3
PhpPhp Version5.2.4
PhpPhp Version5.2.5
PhpPhp Version5.2.6
PhpPhp Version5.2.7
PhpPhp Version5.2.8
PhpPhp Version5.2.9
PhpPhp Version5.2.10
PhpPhp Version5.2.11
PhpPhp Version5.2.12
PhpPhp Version5.2.13
PhpPhp Version5.2.14
PhpPhp Version5.2.15
PhpPhp Version5.2.16
PhpPhp Version5.2.17
PhpPhp Version5.3.0
PhpPhp Version5.3.1
PhpPhp Version5.3.2
PhpPhp Version5.3.3
PhpPhp Version5.3.4
PhpPhp Version5.3.5
PhpPhp Version5.3.6
PhpPhp Version5.3.7
PhpPhp Version5.3.8
PhpPhp Version5.3.9
PhpPhp Version5.3.10
PhpPhp Version5.3.11
PhpPhp Version5.3.12
PhpPhp Version5.3.13
PhpPhp Version5.3.14
PhpPhp Version5.3.15
PhpPhp Version5.3.16
PhpPhp Version5.3.17
PhpPhp Version5.3.18
PhpPhp Version5.3.19
PhpPhp Version5.3.20
PhpPhp Version5.3.21
PhpPhp Version5.3.22
PhpPhp Version5.3.23
PhpPhp Version5.3.24
PhpPhp Version5.3.25
PhpPhp Version5.3.26
PhpPhp Version5.3.27
PhpPhp Version5.4.0
PhpPhp Version5.4.1
PhpPhp Version5.4.2
PhpPhp Version5.4.3
PhpPhp Version5.4.4
PhpPhp Version5.4.5
PhpPhp Version5.4.6
PhpPhp Version5.4.7
PhpPhp Version5.4.8
PhpPhp Version5.4.9
PhpPhp Version5.4.10
PhpPhp Version5.4.11
PhpPhp Version5.4.12
PhpPhp Version5.4.12 Updaterc1
PhpPhp Version5.4.12 Updaterc2
PhpPhp Version5.4.13
PhpPhp Version5.4.13 Updaterc1
PhpPhp Version5.4.14
PhpPhp Version5.4.14 Updaterc1
PhpPhp Version5.4.15 Updaterc1
PhpPhp Version5.4.16 Updaterc1
PhpPhp Version5.5.0
PhpPhp Version5.5.1
RedhatEnterprise Linux Version5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.59% 0.879
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2013-1307.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1615.html
http://secunia.com/advisories/55078
Vendor Advisory
http://support.apple.com/kb/HT6150
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2874696a5a8d46639d261571f915c493cd875897
http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html
http://marc.info/?l=bugtraq&m=141390017113542&w=2
http://secunia.com/advisories/54478
Vendor Advisory
http://secunia.com/advisories/54657
Vendor Advisory
http://secunia.com/advisories/59652
http://www.debian.org/security/2013/dsa-2742
http://www.securityfocus.com/bid/61776
http://www.securitytracker.com/id/1028924
http://www.ubuntu.com/usn/USN-1937-1
Vendor Advisory