Vulnerability CVE-2009-4142 - CERT Civis.Net

Vulnerability Name:

CVE-2009-4142 (CCN-54915)

Assigned:

2009-10-06

Published:

2009-10-06

Updated:

2018-10-30

Summary:

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.php.net/bug.php?id=49785

Source: MITRE
Type: CNA
CVE-2009-4142

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-03-29-1

Source: HP
Type: UNKNOWN
SSRT100152

Source: CCN
Type: RHSA-2010-0040
Moderate: php security update

Source: CCN
Type: SA37821
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
37821

Source: SECUNIA
Type: UNKNOWN
38648

Source: SECUNIA
Type: UNKNOWN
40262

Source: CCN
Type: SECTRACK ID: 1023372
PHP Input Validation Flaw in htmlspecialchars() Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: Exploit
1023372

Source: CCN
Type: Apple Web site
About the security content of Security Update 2010-002 / Mac OS X v10.6.3

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4077

Source: DEBIAN
Type: UNKNOWN
DSA-2001

Source: DEBIAN
Type: DSA-2001
php5 -- multiple vulnerabilities

Source: CCN
Type: GLSA-201001-03
PHP: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 61209
PHP htmlspecialchars() Invalid Byte Sequence XSS

Source: CONFIRM
Type: Patch
http://www.php.net/ChangeLog-5.php

Source: CCN
Type: The PHP Group Web site
PHP 5.2.12 Release Announcement

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/releases/5_2_12.php

Source: BID
Type: Exploit
37389

Source: CCN
Type: BID-37389
PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability

Source: CCN
Type: USN-882-1
PHP vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2009-3593

Source: XF
Type: UNKNOWN
php-htmlspecialchars-xss(54915)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10005

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7085

Source: SUSE
Type: SUSE-SR:2010:005
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:1.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:2.0b10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.14:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.15:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.16:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.17:*:*:*:*:*:*:*

OR cpe:/a:php:php:3.0.18:*:*:*:*:*:*:*

OR cpe:/a:php:php:4:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.1:patch2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.3:patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.4:patch1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:4.0.7:rc4:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2:*:dev:*:*:*:*:*

OR cpe:/a:php:php:4.2.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.3.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:4.4.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.2.11)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20094142	V	CVE-2009-4142	2022-05-20
oval:org.opensuse.security:def:31707	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:31302	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31658	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31210	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:42077	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:31150	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:31748	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:31746	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:31359	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31356	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:41931	P	apache2-mod_php5-5.2.6-50.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35524	P	apache2-mod_php5-5.2.6-50.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35670	P	apache2-mod_php5-5.2.14-0.7.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31853	P	Security update for coreutils (Important)	2020-12-01
oval:org.opensuse.security:def:25076	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:25705	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25647	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:32489	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31958	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31892	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25087	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:25754	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:25221	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25798	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32596	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31914	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25151	P	Security update for file-roller (Low)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:25222	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31446	P	Security update for popt	2020-12-01
oval:org.opensuse.security:def:32635	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31448	P	Security update for postgresql-init (Moderate)	2020-12-01
oval:org.opensuse.security:def:26489	P	Security update for php7-imagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25279	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25233	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25900	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:30992	P	Security update for jakarta-taglibs-standard (Important)	2020-12-01
oval:org.opensuse.security:def:31602	P	Security update for tomcat6	2020-12-01
oval:org.opensuse.security:def:31505	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26524	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25360	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:25997	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25297	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:30993	P	Security update for jasper	2020-12-01
oval:org.opensuse.security:def:31592	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25417	P	Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26635	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25425	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:25953	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31004	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31138	P	Security update for lcms	2020-12-01
oval:org.opensuse.security:def:25501	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:26670	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25506	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:31812	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:31078	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31139	P	Security update for less (Moderate)	2020-12-01
oval:org.opensuse.security:def:31804	P	Security update for ant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25075	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25652	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25563	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:32450	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31768	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.mitre.oval:def:7085	V	HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)	2015-04-20
oval:org.mitre.oval:def:12607	P	USN-882-1 -- php5 vulnerabilities	2014-07-07
oval:org.mitre.oval:def:13461	P	DSA-2001-1 php5 -- multiple	2014-06-23
oval:org.mitre.oval:def:7367	P	DSA-2001 php5 -- multiple vulnerabilities	2014-06-23
oval:org.mitre.oval:def:23025	P	ELSA-2010:0040: php security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21391	P	RHSA-2010:0040: php security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:10005	V	The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.	2013-04-29
oval:org.debian:def:2001	V	multiple vulnerabilities	2010-02-19
oval:com.redhat.rhsa:def:20100040	P	RHSA-2010:0040: php security update (Moderate)	2010-01-13