cvelistv5 - CVE-2008-5658

CVE-2008-5658 (GCVE-0-2008-5658)

Vulnerability from cvelistv5 – Published: 2008-12-17 20:00 – Updated: 2024-08-07 11:04

Summary

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/32625	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
	http://www.securitytracker.com/id?1021303	vdb-entryx_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=124654546101607&w=2	vendor-advisoryx_refsource_HP
	http://www.sektioneins.de/advisories/SE-2008-06.txt	x_refsource_MISC
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/archive/1/501376/100…	mailing-listx_refsource_BUGTRAQ
	http://wiki.rpath.com/Advisories:rPSA-2009-0035	x_refsource_CONFIRM
	http://osvdb.org/50480	vdb-entryx_refsource_OSVDB
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2009-03…	vendor-advisoryx_refsource_REDHAT
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/35003	third-party-advisoryx_refsource_SECUNIA
	http://www.php.net/ChangeLog-5.php#5.2.7	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2008/12/04/3	mailing-listx_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://marc.info/?l=bugtraq&m=124654546101607&w=2	vendor-advisoryx_refsource_HP
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/35306	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35650	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1789	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32625"
          },
          {
            "name": "HPSBUX02465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "1021303",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021303"
          },
          {
            "name": "SSRT090085",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
          },
          {
            "name": "FEDORA-2009-3768",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
          },
          {
            "name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
          },
          {
            "name": "50480",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50480"
          },
          {
            "name": "SSRT090192",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "php-ziparchive-directory-traversal(47079)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "RHSA-2009:0350",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
          },
          {
            "name": "FEDORA-2009-3848",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
          },
          {
            "name": "35003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
          },
          {
            "name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
          },
          {
            "name": "MDVSA-2009:045",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
          },
          {
            "name": "HPSBUX02431",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
          },
          {
            "name": "35306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35306"
          },
          {
            "name": "35650",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35650"
          },
          {
            "name": "DSA-1789",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1789"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32625"
        },
        {
          "name": "HPSBUX02465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "1021303",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021303"
        },
        {
          "name": "SSRT090085",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
        },
        {
          "name": "FEDORA-2009-3768",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
        },
        {
          "name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
        },
        {
          "name": "50480",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50480"
        },
        {
          "name": "SSRT090192",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "php-ziparchive-directory-traversal(47079)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "name": "RHSA-2009:0350",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
        },
        {
          "name": "FEDORA-2009-3848",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
        },
        {
          "name": "35003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
        },
        {
          "name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
        },
        {
          "name": "MDVSA-2009:045",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
        },
        {
          "name": "HPSBUX02431",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
        },
        {
          "name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
        },
        {
          "name": "35306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35306"
        },
        {
          "name": "35650",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35650"
        },
        {
          "name": "DSA-1789",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1789"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32625"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "1021303",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021303"
            },
            {
              "name": "SSRT090085",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "http://www.sektioneins.de/advisories/SE-2008-06.txt",
              "refsource": "MISC",
              "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
            },
            {
              "name": "FEDORA-2009-3768",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
            },
            {
              "name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0035",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
            },
            {
              "name": "50480",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50480"
            },
            {
              "name": "SSRT090192",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "php-ziparchive-directory-traversal(47079)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "RHSA-2009:0350",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
            },
            {
              "name": "FEDORA-2009-3848",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
            },
            {
              "name": "35003",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35003"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.2.7",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
            },
            {
              "name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
            },
            {
              "name": "MDVSA-2009:045",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
            },
            {
              "name": "HPSBUX02431",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
            },
            {
              "name": "35306",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35306"
            },
            {
              "name": "35650",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35650"
            },
            {
              "name": "DSA-1789",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1789"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5658",
    "datePublished": "2008-12-17T20:00:00",
    "dateReserved": "2008-12-17T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.6\", \"matchCriteriaId\": \"9FCD404F-54C5-4DFF-ABC3-F0745C5BC96F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7007E77F-60EF-44D8-9676-15B59DF1325F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E727CECE-E452-489A-A42F-5A069D6AF80E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"149A1FB8-593E-412B-8E1C-3E560301D500\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC144FA-8F84-44C0-B263-B639FEAD20FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"295907B4-C3DE-4021-BE3B-A8826D4379E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"B881352D-954E-4FC0-9E42-93D02A3F3089\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17437AED-816A-4CCF-96DE-8C3D0CC8DB2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74E7AE59-1CB0-4300-BBE0-109F909789EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9222821E-370F-4616-B787-CC22C2F4E7CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9809449F-9A76-4318-B233-B4C2950A6EA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AA962D4-A4EC-4DC3-B8A9-D10941B92781\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8CDFEF9-C367-4800-8A2F-375C261FAE55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16E43B88-1563-4EFD-9267-AE3E8C35D67A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11E5715F-A8BC-49EF-836B-BB78E1BC0790\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FA68843-158E-463E-B68A-1ACF041C4E10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1874F637-77E2-4C4A-BF92-AEE96A60BFB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9592B32E-55CD-42D0-901E-8319823BC820\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9BF34B5-F74C-4D56-9841-42452D60CB87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86767200-6C9C-4C3E-B111-0E5BE61E197B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B00B416D-FF23-4C76-8751-26D305F0FA0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCB6CDDD-70D3-4004-BCE0-8C4723076103\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en la funci\\u00f3n ZipArchive::extractTo de PHP 5.2.6 y anteriores, permite a atacantes dependientes del contexto escribir ficheros de su elecci\\u00f3n a trav\\u00e9s de un archivo ZIP con un fichero que contenga la secuencia .. (punto punto).\"}]",
      "id": "CVE-2008-5658",
      "lastModified": "2024-11-21T00:54:34.420",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2008-12-17T20:30:01.017",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/50480\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/35003\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/35306\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/35650\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2009-0035\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2009/dsa-1789\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:045\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/12/04/3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.php.net/ChangeLog-5.php#5.2.7\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-0350.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/501376/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/32625\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1021303\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.sektioneins.de/advisories/SE-2008-06.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/47079\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/50480\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35003\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35306\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/35650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2009-0035\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2009/dsa-1789\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:045\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/12/04/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.php.net/ChangeLog-5.php#5.2.7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-0350.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/501376/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/32625\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1021303\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.sektioneins.de/advisories/SE-2008-06.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/47079\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html\", \"lastModified\": \"2009-04-15T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5658\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-17T20:30:01.017\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la funci\u00f3n ZipArchive::extractTo de PHP 5.2.6 y anteriores, permite a atacantes dependientes del contexto escribir ficheros de su elecci\u00f3n a trav\u00e9s de un archivo ZIP con un fichero que contenga la secuencia .. (punto punto).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.6\",\"matchCriteriaId\":\"9FCD404F-54C5-4DFF-ABC3-F0745C5BC96F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7007E77F-60EF-44D8-9676-15B59DF1325F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E727CECE-E452-489A-A42F-5A069D6AF80E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"149A1FB8-593E-412B-8E1C-3E560301D500\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC144FA-8F84-44C0-B263-B639FEAD20FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"295907B4-C3DE-4021-BE3B-A8826D4379E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B881352D-954E-4FC0-9E42-93D02A3F3089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17437AED-816A-4CCF-96DE-8C3D0CC8DB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74E7AE59-1CB0-4300-BBE0-109F909789EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9222821E-370F-4616-B787-CC22C2F4E7CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9809449F-9A76-4318-B233-B4C2950A6EA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA962D4-A4EC-4DC3-B8A9-D10941B92781\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8CDFEF9-C367-4800-8A2F-375C261FAE55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E43B88-1563-4EFD-9267-AE3E8C35D67A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11E5715F-A8BC-49EF-836B-BB78E1BC0790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA68843-158E-463E-B68A-1ACF041C4E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1874F637-77E2-4C4A-BF92-AEE96A60BFB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9592B32E-55CD-42D0-901E-8319823BC820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9BF34B5-F74C-4D56-9841-42452D60CB87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86767200-6C9C-4C3E-B111-0E5BE61E197B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00B416D-FF23-4C76-8751-26D305F0FA0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCB6CDDD-70D3-4004-BCE0-8C4723076103\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/50480\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35003\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35306\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35650\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2009-0035\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1789\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:045\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/12/04/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.php.net/ChangeLog-5.php#5.2.7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0350.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/501376/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32625\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021303\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sektioneins.de/advisories/SE-2008-06.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47079\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/50480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2009-0035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/12/04/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.php.net/ChangeLog-5.php#5.2.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0350.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/501376/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sektioneins.de/advisories/SE-2008-06.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/47079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html\",\"lastModified\":\"2009-04-15T00:00:00\"}]}}"
  }
}

CERTA-2009-AVI-257

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de HP-UX Apache Web Server Suite permettent de réaliser un déni de service à distance et d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités liées au langage PHP, au serveur Web Apache et aux moteurs de servlet basés sur celui de Tomcat permettent à un individu distant de réaliser un déni de service ou d'exécuter du code arbitraire. Ces vulnérabilités ont été décrites dans les avis précédents du CERTA.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	N/A	Apache Web Server Suite versions antérieures à v3.05 (HP-UX 11iv2 et 11iv3) ;
	Apache	N/A	Apache Web Server Suite versions antérieures à v2.25 (HP-UX 11iv1).

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01756421 du 29 juin 2009	None	vendor-advisory
Avis CERTA-2008-AVI-417 du 08 août 2008 :	-	other
Avis CERTA-2008-AVI-225 du 02 mai 2008 :	-	other
Avis CERTA-2008-AVI-011 du 09 janvier 2008 :	-	other
Avis CERTA-2009-AVI-083 du 03 mars 2009 :	-	other
Avis CERTA-2007-AVI-339 du 08 novembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v3.05 (HP-UX 11iv2 et 11iv3) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v2.25 (HP-UX 11iv1).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s li\u00e9es au langage PHP, au serveur Web Apache\net aux moteurs de servlet bas\u00e9s sur celui de Tomcat permettent \u00e0 un\nindividu distant de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire. Ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9crites dans les avis pr\u00e9c\u00e9dents\ndu CERTA.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2008-5625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5625"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-2168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2168"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3959"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2008-5624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5624"
    },
    {
      "name": "CVE-2008-5658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2008-AVI-417 du 08 ao\u00fbt 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-417"
    },
    {
      "title": "Avis CERTA-2008-AVI-225 du 02 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-225"
    },
    {
      "title": "Avis CERTA-2008-AVI-011 du 09 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-011"
    },
    {
      "title": "Avis CERTA-2009-AVI-083 du 03 mars 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-083"
    },
    {
      "title": "Avis CERTA-2007-AVI-339 du 08 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-339"
    }
  ],
  "reference": "CERTA-2009-AVI-257",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eHP-UX Apache Web Server\nSuite\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance et\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9 de HP-UX Apache Web Server Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01756421 du 29 juin 2009",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01756421"
    }
  ]
}

CERTA-2009-AVI-257

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de HP-UX Apache Web Server Suite permettent de réaliser un déni de service à distance et d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	N/A	Apache Web Server Suite versions antérieures à v3.05 (HP-UX 11iv2 et 11iv3) ;
	Apache	N/A	Apache Web Server Suite versions antérieures à v2.25 (HP-UX 11iv1).

References

Title

Publication Time

Tags

Bulletin de sécurité HP c01756421 du 29 juin 2009	None	vendor-advisory
Avis CERTA-2008-AVI-417 du 08 août 2008 :	-	other
Avis CERTA-2008-AVI-225 du 02 mai 2008 :	-	other
Avis CERTA-2008-AVI-011 du 09 janvier 2008 :	-	other
Avis CERTA-2009-AVI-083 du 03 mars 2009 :	-	other
Avis CERTA-2007-AVI-339 du 08 novembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v3.05 (HP-UX 11iv2 et 11iv3) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Web Server Suite versions ant\u00e9rieures \u00e0 v2.25 (HP-UX 11iv1).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s li\u00e9es au langage PHP, au serveur Web Apache\net aux moteurs de servlet bas\u00e9s sur celui de Tomcat permettent \u00e0 un\nindividu distant de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire. Ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9crites dans les avis pr\u00e9c\u00e9dents\ndu CERTA.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-5557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
    },
    {
      "name": "CVE-2008-5625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5625"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2008-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
    },
    {
      "name": "CVE-2008-2168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2168"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-3959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3959"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    },
    {
      "name": "CVE-2008-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2829"
    },
    {
      "name": "CVE-2008-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0599"
    },
    {
      "name": "CVE-2008-2665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2665"
    },
    {
      "name": "CVE-2008-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2666"
    },
    {
      "name": "CVE-2008-5624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5624"
    },
    {
      "name": "CVE-2008-5658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
    },
    {
      "name": "CVE-2007-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2008-AVI-417 du 08 ao\u00fbt 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-417"
    },
    {
      "title": "Avis CERTA-2008-AVI-225 du 02 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-225"
    },
    {
      "title": "Avis CERTA-2008-AVI-011 du 09 janvier 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-011"
    },
    {
      "title": "Avis CERTA-2009-AVI-083 du 03 mars 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-083"
    },
    {
      "title": "Avis CERTA-2007-AVI-339 du 08 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-339"
    }
  ],
  "reference": "CERTA-2009-AVI-257",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eHP-UX Apache Web Server\nSuite\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance et\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9 de HP-UX Apache Web Server Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01756421 du 29 juin 2009",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01756421"
    }
  ]
}

RHSA-2009:0350

Vulnerability from csaf_redhat - Published: 2009-04-14 17:14 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: php security update

Notes

Topic

Updated php packages that fix several security issues are now available for Red Hat Application Stack v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-5557) A flaw was found in the handling of the "mbstring.func_overload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754) A directory traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used to extract a malicious ZIP archive, it could allow an attacker to write arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658) A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658) A flaw was found in the way PHP handled certain file extensions when running in FastCGI mode. If the PHP interpreter was being executed via FastCGI, a remote attacker could create a request which would cause the PHP interpreter to crash. (CVE-2008-3660) A memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the "background color" argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was found in a way PHP reported errors for invalid cookies. If the PHP interpreter had "display_errors" enabled, a remote attacker able to set a specially-crafted cookie on a victim's system could possibly inject arbitrary HTML into an error message generated by PHP. (CVE-2008-5814) A flaw was found in PHP's json_decode function. A remote attacker could use this flaw to create a specially-crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script. (CVE-2009-1271) All php users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. The httpd web server must be restarted for the changes to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0350",
        "url": "https://access.redhat.com/errata/RHSA-2009:0350"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "459529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
      },
      {
        "category": "external",
        "summary": "459572",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
      },
      {
        "category": "external",
        "summary": "474824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
      },
      {
        "category": "external",
        "summary": "478425",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
      },
      {
        "category": "external",
        "summary": "478848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
      },
      {
        "category": "external",
        "summary": "479272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
      },
      {
        "category": "external",
        "summary": "480167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
      },
      {
        "category": "external",
        "summary": "494530",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
      }
    ],
    "title": "Red Hat Security Advisory: php security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:23+00:00",
      "generator": {
        "date": "2025-11-21T17:34:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:0350",
      "initial_release_date": "2009-04-14T17:14:00+00:00",
      "revision_history": [
        {
          "date": "2009-04-14T17:14:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-04-14T13:14:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
                "product": {
                  "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
                  "product_id": "5Server-Stacks",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-imap-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-imap-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-gd-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-gd-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-devel-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-devel-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-dba-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-dba-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-soap-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-soap-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-common-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-common-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-cli-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-cli-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xml-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-xml-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-pdo-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-pdo-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-bcmath-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-bcmath-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-imap-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-imap-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-imap-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-snmp-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-snmp-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ldap-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-ldap-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-gd-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-gd-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-gd-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-devel-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-devel-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-devel-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mysql-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-mysql-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-dba-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-dba-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-dba-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-soap-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-soap-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-soap-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-common-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-common-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-common-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-odbc-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-odbc-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ncurses-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-ncurses-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-cli-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-cli-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-cli-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xml-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-xml-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-xml-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-pgsql-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-pgsql-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mbstring-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-mbstring-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-0:5.2.6-4.el5s2.src",
                "product": {
                  "name": "php-0:5.2.6-4.el5s2.src",
                  "product_id": "php-0:5.2.6-4.el5s2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
        },
        "product_reference": "php-0:5.2.6-4.el5s2.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-common-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-3658",
      "discovery_date": "2008-08-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "459529"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: buffer overflow in the imageloadfont function in gd extension",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3658"
        },
        {
          "category": "external",
          "summary": "RHBZ#459529",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
        }
      ],
      "release_date": "2008-08-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: buffer overflow in the imageloadfont function in gd extension"
    },
    {
      "cve": "CVE-2008-3660",
      "discovery_date": "2008-08-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "459572"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: FastCGI module DoS via multiple dots preceding the extension",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3660"
        },
        {
          "category": "external",
          "summary": "RHBZ#459572",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
        }
      ],
      "release_date": "2008-08-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: FastCGI module DoS via multiple dots preceding the extension"
    },
    {
      "cve": "CVE-2008-5498",
      "discovery_date": "2008-12-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "478425"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: libgd imagerotate() array index error memory disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5498"
        },
        {
          "category": "external",
          "summary": "RHBZ#478425",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
        }
      ],
      "release_date": "2008-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: libgd imagerotate() array index error memory disclosure"
    },
    {
      "cve": "CVE-2008-5557",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2008-12-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "478848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5557"
        },
        {
          "category": "external",
          "summary": "RHBZ#478848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
        }
      ],
      "release_date": "2008-08-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
    },
    {
      "cve": "CVE-2008-5658",
      "discovery_date": "2008-12-04T00:00:00+00:00",
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "other",
          "text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5658"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
        }
      ],
      "release_date": "2008-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability"
    },
    {
      "cve": "CVE-2008-5814",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2009-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "480167"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: XSS via PHP error messages",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5814"
        },
        {
          "category": "external",
          "summary": "RHBZ#480167",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
        }
      ],
      "release_date": "2008-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: XSS via PHP error messages"
    },
    {
      "cve": "CVE-2009-0754",
      "discovery_date": "2009-01-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "479272"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "PHP mbstring.func_overload web server denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0754"
        },
        {
          "category": "external",
          "summary": "RHBZ#479272",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
        }
      ],
      "release_date": "2004-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "PHP mbstring.func_overload web server denial of service"
    },
    {
      "cve": "CVE-2009-1271",
      "discovery_date": "2009-02-27T00:00:00+00:00",
      "notes": [
        {
          "category": "description",
          "text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
          "title": "Vulnerability description"
        },
        {
          "category": "other",
          "text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1271"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
        }
      ],
      "release_date": "2008-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: crash on malformed input in json_decode()"
    }
  ]
}

RHSA-2009_0350

Vulnerability from csaf_redhat - Published: 2009-04-14 17:14 - Updated: 2024-12-15 18:13

Summary

Red Hat Security Advisory: php security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated php packages that fix several security issues are now available for\nRed Hat Application Stack v2.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server.\n\nA heap-based buffer overflow flaw was found in PHP\u0027s mbstring extension. A\nremote attacker able to pass arbitrary input to a PHP script using mbstring\nconversion functions could cause the PHP interpreter to crash or, possibly,\nexecute arbitrary code. (CVE-2008-5557)\n\nA flaw was found in the handling of the \"mbstring.func_overload\"\nconfiguration setting. A value set for one virtual host, or in a user\u0027s\n.htaccess file, was incorrectly applied to other virtual hosts on the same\nserver, causing the handling of multibyte character strings to not work\ncorrectly. (CVE-2009-0754)\n\nA directory traversal flaw was found in PHP\u0027s ZipArchive::extractTo\nfunction. If PHP is used to extract a malicious ZIP archive, it could allow\nan attacker to write arbitrary files anywhere the PHP process has write\npermissions. (CVE-2008-5658)\n\nA buffer overflow flaw was found in PHP\u0027s imageloadfont function. If a PHP\nscript allowed a remote attacker to load a carefully crafted font file, it\ncould cause the PHP interpreter to crash or, possibly, execute arbitrary\ncode. (CVE-2008-3658)\n\nA flaw was found in the way PHP handled certain file extensions when\nrunning in FastCGI mode. If the PHP interpreter was being executed via\nFastCGI, a remote attacker could create a request which would cause the PHP\ninterpreter to crash. (CVE-2008-3660)\n\nA memory disclosure flaw was found in the PHP gd extension\u0027s imagerotate\nfunction. A remote attacker able to pass arbitrary values as the\n\"background color\" argument of the function could, possibly, view portions\nof the PHP interpreter\u0027s memory. (CVE-2008-5498)\n\nA cross-site scripting flaw was found in a way PHP reported errors for\ninvalid cookies. If the PHP interpreter had \"display_errors\" enabled, a\nremote attacker able to set a specially-crafted cookie on a victim\u0027s system\ncould possibly inject arbitrary HTML into an error message generated by\nPHP. (CVE-2008-5814)\n\nA flaw was found in PHP\u0027s json_decode function. A remote attacker could use\nthis flaw to create a specially-crafted string which could cause the PHP\ninterpreter to crash while being decoded in a PHP script. (CVE-2009-1271)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. The httpd web server\nmust be restarted for the changes to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:0350",
        "url": "https://access.redhat.com/errata/RHSA-2009:0350"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "459529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
      },
      {
        "category": "external",
        "summary": "459572",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
      },
      {
        "category": "external",
        "summary": "474824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
      },
      {
        "category": "external",
        "summary": "478425",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
      },
      {
        "category": "external",
        "summary": "478848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
      },
      {
        "category": "external",
        "summary": "479272",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
      },
      {
        "category": "external",
        "summary": "480167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
      },
      {
        "category": "external",
        "summary": "494530",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_0350.json"
      }
    ],
    "title": "Red Hat Security Advisory: php security update",
    "tracking": {
      "current_release_date": "2024-12-15T18:13:03+00:00",
      "generator": {
        "date": "2024-12-15T18:13:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2009:0350",
      "initial_release_date": "2009-04-14T17:14:00+00:00",
      "revision_history": [
        {
          "date": "2009-04-14T17:14:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-04-14T13:14:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-15T18:13:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
                "product": {
                  "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)",
                  "product_id": "5Server-Stacks",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_stack:2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Stack"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-pdo-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-pdo-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-imap-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-imap-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-imap-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-snmp-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-snmp-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-ldap-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-ldap-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-gd-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-gd-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-gd-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-devel-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-devel-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-devel-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-mysql-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-mysql-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-dba-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-dba-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-dba-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-soap-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-soap-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-soap-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-common-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-common-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-common-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-odbc-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-odbc-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-cli-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-cli-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-cli-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xml-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-xml-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-xml-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
                "product": {
                  "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
                  "product_id": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-pdo-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-pdo-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-pdo-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pdo@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xmlrpc@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-bcmath-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-bcmath-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-bcmath-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-bcmath@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-imap-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-imap-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-imap-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-imap@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-snmp-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-snmp-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-snmp-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-snmp@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ldap-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-ldap-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-ldap-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ldap@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-gd-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-gd-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-gd-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-gd@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-devel-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-devel-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-devel-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-devel@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mysql-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-mysql-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-mysql-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mysql@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-dba-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-dba-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-dba-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-dba@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-soap-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-soap-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-soap-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-soap@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-common-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-common-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-common-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-common@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-odbc-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-odbc-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-odbc-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-odbc@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-ncurses-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-ncurses-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-ncurses-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-ncurses@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-cli-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-cli-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-cli-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-cli@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-xml-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-xml-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-xml-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-xml@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-debuginfo-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-debuginfo-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-debuginfo@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-pgsql-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-pgsql-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-pgsql-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-pgsql@5.2.6-4.el5s2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "php-mbstring-0:5.2.6-4.el5s2.i386",
                "product": {
                  "name": "php-mbstring-0:5.2.6-4.el5s2.i386",
                  "product_id": "php-mbstring-0:5.2.6-4.el5s2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php-mbstring@5.2.6-4.el5s2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "php-0:5.2.6-4.el5s2.src",
                "product": {
                  "name": "php-0:5.2.6-4.el5s2.src",
                  "product_id": "php-0:5.2.6-4.el5s2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/php@5.2.6-4.el5s2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-0:5.2.6-4.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.src"
        },
        "product_reference": "php-0:5.2.6-4.el5s2.src",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-bcmath-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-bcmath-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-bcmath-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-bcmath-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-cli-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-cli-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-cli-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-cli-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-common-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-common-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-common-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-common-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-dba-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-dba-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-dba-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-dba-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-debuginfo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-debuginfo-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-debuginfo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-debuginfo-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-devel-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-devel-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-devel-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-devel-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-gd-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-gd-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-gd-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-gd-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-imap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-imap-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-imap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-imap-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ldap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-ldap-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ldap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-ldap-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mbstring-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-mbstring-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mbstring-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-mbstring-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mysql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-mysql-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-mysql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-mysql-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ncurses-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-ncurses-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-ncurses-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-ncurses-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-odbc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-odbc-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-odbc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-odbc-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pdo-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-pdo-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pdo-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-pdo-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pgsql-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-pgsql-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-pgsql-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-pgsql-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-snmp-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-snmp-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-snmp-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-snmp-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-soap-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-soap-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-soap-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-soap-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xml-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-xml-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xml-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-xml-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xmlrpc-0:5.2.6-4.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386"
        },
        "product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.i386",
        "relates_to_product_reference": "5Server-Stacks"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)",
          "product_id": "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        },
        "product_reference": "php-xmlrpc-0:5.2.6-4.el5s2.x86_64",
        "relates_to_product_reference": "5Server-Stacks"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-3658",
      "discovery_date": "2008-08-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "459529"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: buffer overflow in the imageloadfont function in gd extension",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3658"
        },
        {
          "category": "external",
          "summary": "RHBZ#459529",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459529"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3658"
        }
      ],
      "release_date": "2008-08-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: buffer overflow in the imageloadfont function in gd extension"
    },
    {
      "cve": "CVE-2008-3660",
      "discovery_date": "2008-08-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "459572"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: FastCGI module DoS via multiple dots preceding the extension",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3660"
        },
        {
          "category": "external",
          "summary": "RHBZ#459572",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=459572"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3660"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3660"
        }
      ],
      "release_date": "2008-08-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: FastCGI module DoS via multiple dots preceding the extension"
    },
    {
      "cve": "CVE-2008-5498",
      "discovery_date": "2008-12-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "478425"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: libgd imagerotate() array index error memory disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5498"
        },
        {
          "category": "external",
          "summary": "RHBZ#478425",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478425"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5498"
        }
      ],
      "release_date": "2008-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: libgd imagerotate() array index error memory disclosure"
    },
    {
      "cve": "CVE-2008-5557",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2008-12-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "478848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5557"
        },
        {
          "category": "external",
          "summary": "RHBZ#478848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=478848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5557",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5557"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5557"
        }
      ],
      "release_date": "2008-08-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)"
    },
    {
      "cve": "CVE-2008-5658",
      "discovery_date": "2008-12-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "474824"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5658"
        },
        {
          "category": "external",
          "summary": "RHBZ#474824",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=474824"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
        }
      ],
      "release_date": "2008-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "php: ZipArchive:: extractTo() Directory Traversal Vulnerability"
    },
    {
      "cve": "CVE-2008-5814",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2009-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "480167"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: XSS via PHP error messages",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5814"
        },
        {
          "category": "external",
          "summary": "RHBZ#480167",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480167"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5814",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5814"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5814"
        }
      ],
      "release_date": "2008-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: XSS via PHP error messages"
    },
    {
      "cve": "CVE-2009-0754",
      "discovery_date": "2009-01-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "479272"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "PHP mbstring.func_overload web server denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0754"
        },
        {
          "category": "external",
          "summary": "RHBZ#479272",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479272"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0754"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0754"
        }
      ],
      "release_date": "2004-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "PHP mbstring.func_overload web server denial of service"
    },
    {
      "cve": "CVE-2009-1271",
      "discovery_date": "2009-02-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "494530"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php: crash on malformed input in json_decode()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
          "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
          "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1271"
        },
        {
          "category": "external",
          "summary": "RHBZ#494530",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=494530"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1271"
        }
      ],
      "release_date": "2008-12-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-04-14T17:14:00+00:00",
          "details": "Before applying this update, make sure that all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use the Red\nHat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:0350"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Server-Stacks:php-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.src",
            "5Server-Stacks:php-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-bcmath-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-cli-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-common-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-dba-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-debuginfo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-devel-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-gd-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-imap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ldap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mbstring-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-mysql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-ncurses-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-odbc-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pdo-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-pgsql-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-snmp-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-soap-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xml-0:5.2.6-4.el5s2.x86_64",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.i386",
            "5Server-Stacks:php-xmlrpc-0:5.2.6-4.el5s2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "php: crash on malformed input in json_decode()"
    }
  ]
}

GSD-2008-5658

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-5658

Aliases

CVE-2008-5658

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-5658",
    "description": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
    "id": "GSD-2008-5658",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-5658.html",
      "https://www.debian.org/security/2009/dsa-1789",
      "https://access.redhat.com/errata/RHSA-2009:0350"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-5658"
      ],
      "details": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
      "id": "GSD-2008-5658",
      "modified": "2023-12-13T01:23:04.326724Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-5658",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32625",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32625"
          },
          {
            "name": "HPSBUX02465",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "1021303",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021303"
          },
          {
            "name": "SSRT090085",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "http://www.sektioneins.de/advisories/SE-2008-06.txt",
            "refsource": "MISC",
            "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
          },
          {
            "name": "FEDORA-2009-3768",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
          },
          {
            "name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0035",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
          },
          {
            "name": "50480",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/50480"
          },
          {
            "name": "SSRT090192",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "php-ziparchive-directory-traversal(47079)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
          },
          {
            "name": "SUSE-SR:2009:004",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "RHSA-2009:0350",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
          },
          {
            "name": "FEDORA-2009-3848",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
          },
          {
            "name": "35003",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35003"
          },
          {
            "name": "http://www.php.net/ChangeLog-5.php#5.2.7",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
          },
          {
            "name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
          },
          {
            "name": "MDVSA-2009:045",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
          },
          {
            "name": "HPSBUX02431",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
          },
          {
            "name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
          },
          {
            "name": "35306",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35306"
          },
          {
            "name": "35650",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35650"
          },
          {
            "name": "DSA-1789",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1789"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5658"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20081204 CVE for SE-2008-06 in PHP 5.2.7 (ZipArchive)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
            },
            {
              "name": "http://www.php.net/ChangeLog-5.php#5.2.7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
            },
            {
              "name": "http://www.sektioneins.de/advisories/SE-2008-06.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
            },
            {
              "name": "1021303",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021303"
            },
            {
              "name": "32625",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/32625"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "MDVSA-2009:045",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0035",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
            },
            {
              "name": "50480",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/50480"
            },
            {
              "name": "20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
            },
            {
              "name": "RHSA-2009:0350",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
            },
            {
              "name": "35003",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35003"
            },
            {
              "name": "DSA-1789",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1789"
            },
            {
              "name": "FEDORA-2009-3768",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
            },
            {
              "name": "35306",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35306"
            },
            {
              "name": "FEDORA-2009-3848",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
            },
            {
              "name": "35650",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35650"
            },
            {
              "name": "SSRT090085",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "php-ziparchive-directory-traversal(47079)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
            },
            {
              "name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:56Z",
      "publishedDate": "2008-12-17T20:30Z"
    }
  }
}

FKIE_CVE-2008-5658

Vulnerability from fkie_nvd - Published: 2008-12-17 20:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=124654546101607&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=125631037611762&w=2
cve@mitre.org	http://osvdb.org/50480
cve@mitre.org	http://secunia.com/advisories/35003
cve@mitre.org	http://secunia.com/advisories/35306
cve@mitre.org	http://secunia.com/advisories/35650
cve@mitre.org	http://wiki.rpath.com/Advisories:rPSA-2009-0035
cve@mitre.org	http://www.debian.org/security/2009/dsa-1789
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/12/04/3
cve@mitre.org	http://www.php.net/ChangeLog-5.php#5.2.7
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2009-0350.html
cve@mitre.org	http://www.securityfocus.com/archive/1/501376/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/32625
cve@mitre.org	http://www.securitytracker.com/id?1021303
cve@mitre.org	http://www.sektioneins.de/advisories/SE-2008-06.txt	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=124654546101607&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=125631037611762&w=2
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/50480
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35003
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35306
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35650
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2009-0035
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1789
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/12/04/3
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/ChangeLog-5.php#5.2.7
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0350.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501376/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32625
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021303
af854a3a-2127-422b-91ae-364da2661108	http://www.sektioneins.de/advisories/SE-2008-06.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

Impacted products

Vendor	Product	Version
php	php	*
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.0
php	php	5.0.1
php	php	5.0.2
php	php	5.0.3
php	php	5.0.4
php	php	5.0.5
php	php	5.1.0
php	php	5.1.1
php	php	5.1.2
php	php	5.1.3
php	php	5.1.4
php	php	5.1.5
php	php	5.1.6
php	php	5.2.0
php	php	5.2.1
php	php	5.2.2
php	php	5.2.3
php	php	5.2.4
php	php	5.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCD404F-54C5-4DFF-ABC3-F0745C5BC96F",
              "versionEndIncluding": "5.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n ZipArchive::extractTo de PHP 5.2.6 y anteriores, permite a atacantes dependientes del contexto escribir ficheros de su elecci\u00f3n a trav\u00e9s de un archivo ZIP con un fichero que contenga la secuencia .. (punto punto)."
    }
  ],
  "id": "CVE-2008-5658",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-17T20:30:01.017",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/50480"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35306"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35650"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1789"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32625"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021303"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html",
      "lastModified": "2009-04-15T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3JWH-Q6HX-PVMH

Vulnerability from github – Published: 2022-05-14 02:39 – Updated: 2022-05-14 02:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-5658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-17T20:30:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.",
  "id": "GHSA-3jwh-q6hx-pvmh",
  "modified": "2022-05-14T02:39:44Z",
  "published": "2022-05-14T02:39:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5658"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47079"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/50480"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35306"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35650"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1789"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:045"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2008/12/04/3"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/ChangeLog-5.php#5.2.7"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0350.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32625"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021303"
    },
    {
      "type": "WEB",
      "url": "http://www.sektioneins.de/advisories/SE-2008-06.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-5658 (GCVE-0-2008-5658)

CERTA-2009-AVI-257

Description

Solution

CERTA-2009-AVI-257

Description

Solution

RHSA-2009:0350

RHSA-2009_0350

GSD-2008-5658

FKIE_CVE-2008-5658

GHSA-3JWH-Q6HX-PVMH

Tags

Sightings

Nomenclature