Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2002-0986
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"name": "DSA-168",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"name": "VU#410609",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"name": "RHSA-2002:243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "2160",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2160"
},
{
"name": "RHSA-2003:159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"name": "MDKSA-2003:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"name": "5562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5562"
},
{
"name": "CSSA-2003-008.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"
},
{
"name": "php-mail-ascii-injection(9959)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
},
{
"name": "SuSE-SA:2002:036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"name": "CLA-2002:545",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"name": "RHSA-2002:213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"name": "RHSA-2002:248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "RHSA-2002:214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"name": "DSA-168",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"name": "VU#410609",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"name": "RHSA-2002:243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "2160",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2160"
},
{
"name": "RHSA-2003:159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"name": "MDKSA-2003:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"name": "5562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5562"
},
{
"name": "CSSA-2003-008.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"
},
{
"name": "php-mail-ascii-injection(9959)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
},
{
"name": "SuSE-SA:2002:036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"name": "CLA-2002:545",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"name": "RHSA-2002:213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"name": "RHSA-2002:248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "RHSA-2002:214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"name": "DSA-168",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"name": "VU#410609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"name": "RHSA-2002:243",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "2160",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2160"
},
{
"name": "RHSA-2003:159",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"name": "MDKSA-2003:082",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"name": "5562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5562"
},
{
"name": "CSSA-2003-008.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"
},
{
"name": "php-mail-ascii-injection(9959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
},
{
"name": "SuSE-SA:2002:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"name": "CLA-2002:545",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"name": "RHSA-2002:213",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"name": "RHSA-2002:248",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "RHSA-2002:214",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0986",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-08-23T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2002-0986\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2002-09-24T04:00:00.000\",\"lastModified\":\"2024-11-20T23:40:19.903\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \\\"spam proxy.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3E7199-8FB7-4930-9C0A-A36A698940B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDBEC461-D553-41B7-8D85-20B6A933C21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BAA18C-E5A0-4210-B64B-709BBFF31EEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"419867C6-37BE-43B4-BFE0-6325FEE3807D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*\",\"matchCriteriaId\":\"37896E87-95C2-4039-8362-BC03B1C56706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13A159B4-B847-47DE-B7F8-89384E6C551B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57B59616-A309-40B4-94B1-50A7BC00E35C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8667FBC6-04B6-40E5-93B3-6C22BEED4B26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F39A1B1-416E-4436-8007-733B66904A14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2E5F96-66D2-4F99-A74D-6A2305EE218E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D724D09-0D45-4701-93C9-348301217C8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6713614A-B14E-4A85-BF89-ED780068FC68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD95F8EB-B428-4B3C-9254-A5DECE03A989\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"069EB7EE-06B9-454F-9007-8DE5DCA33C53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18BF5BE6-09EA-45AD-93BF-2BEF1742534E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC1460DF-1687-4314-BF1A-01290B20302D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"470380B0-3982-48FC-871B-C8B43C81900D\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2002/dsa-168\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/410609\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2002_036_modphp4.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/2160\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-213.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-214.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-243.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-244.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-248.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-159.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/5562\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/9959\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2002/dsa-168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/410609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2002_036_modphp4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/2160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-213.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-214.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-243.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-244.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2002-248.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-159.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/5562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/9959\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
gsd-2002-0986
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2002-0986",
"description": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"id": "GSD-2002-0986",
"references": [
"https://www.debian.org/security/2002/dsa-168",
"https://access.redhat.com/errata/RHSA-2003:159",
"https://access.redhat.com/errata/RHSA-2002:248",
"https://access.redhat.com/errata/RHSA-2002:244",
"https://access.redhat.com/errata/RHSA-2002:243",
"https://access.redhat.com/errata/RHSA-2002:214",
"https://access.redhat.com/errata/RHSA-2002:213"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2002-0986"
],
"details": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"id": "GSD-2002-0986",
"modified": "2023-12-13T01:24:07.787064Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"name": "DSA-168",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"name": "VU#410609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"name": "RHSA-2002:243",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "2160",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2160"
},
{
"name": "RHSA-2003:159",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"name": "MDKSA-2003:082",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"name": "5562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5562"
},
{
"name": "CSSA-2003-008.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"
},
{
"name": "php-mail-ascii-injection(9959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
},
{
"name": "SuSE-SA:2002:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"name": "CLA-2002:545",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"name": "RHSA-2002:213",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"name": "RHSA-2002:248",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "RHSA-2002:214",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0986"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5562",
"refsource": "BID",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5562"
},
{
"name": "DSA-168",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"name": "SuSE-SA:2002:036",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"name": "RHSA-2002:213",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"name": "RHSA-2002:214",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
},
{
"name": "RHSA-2002:243",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "RHSA-2002:244",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "RHSA-2002:248",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2003:159",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"name": "CLA-2002:545",
"refsource": "CONECTIVA",
"tags": [],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"name": "CSSA-2003-008.0",
"refsource": "CALDERA",
"tags": [],
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"
},
{
"name": "MDKSA-2003:082",
"refsource": "MANDRAKE",
"tags": [],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"name": "VU#410609",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"name": "2160",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/2160"
},
{
"name": "20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"name": "php-mail-ascii-injection(9959)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-10-10T01:30Z",
"publishedDate": "2002-09-24T04:00Z"
}
}
}
rhsa-2002:243
Vulnerability from csaf_redhat
Published
2002-11-08 11:15
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fixes two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use, and would allow remote attackers
to execute scripts as other Web page visitors, for instance, to steal
cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fixes two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27, allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use, and would allow remote attackers\nto execute scripts as other Web page visitors, for instance, to steal\ncookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27, allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:243",
"url": "https://access.redhat.com/errata/RHSA-2002:243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_243.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:21+00:00",
"generator": {
"date": "2024-11-21T22:31:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:243",
"initial_release_date": "2002-11-08T11:15:00+00:00",
"revision_history": [
{
"date": "2002-11-08T11:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Stronghold 3",
"product": {
"name": "Red Hat Stronghold 3",
"product_id": "Red Hat Stronghold 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stronghold:3"
}
}
}
],
"category": "product_family",
"name": "Stronghold Cross Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
rhsa-2003:159
Vulnerability from csaf_redhat
Published
2003-06-30 14:37
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities
Notes
Topic
Updated PHP packages are available for Red Hat Linux on IBM iSeries and
pSeries systems.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to an
MTA (such as Sendmail). Specifically, the fifth argument to mail() may be
modified, altering MTA behavior and possibly allowing the execution of
arbitrary local commands.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."
Script authors should note that all input should be checked for unsafe data
by any PHP scripts calling functions such as mail().
PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows local
users and possibly remote attackers to execute arbitrary commands via shell
metacharacters.
Note that this PHP errata enforces memory limits on the size of the PHP
process to prevent a badly generated script from becoming a possible source
for a denial of service attack. The default process size is 8MB, though you
can adjust this as necessary through the php.ini directive memory_limit.
For example, to change the process memory limit to 4MB, add
the following:
memory_limit 4194304
Important Note:
Your original /etc/php.ini configuration file is not replaced or
overwritten. Therefore, you should carefully review your configuration file
and adapt it as necessary to your server or service functions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated PHP packages are available for Red Hat Linux on IBM iSeries and\npSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server. \n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to an\nMTA (such as Sendmail). Specifically, the fifth argument to mail() may be\nmodified, altering MTA behavior and possibly allowing the execution of\narbitrary local commands.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy.\"\n\nScript authors should note that all input should be checked for unsafe data\nby any PHP scripts calling functions such as mail().\n\nPHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse\nthe 5th parameter to the mail() function. This vulnerability allows local\nusers and possibly remote attackers to execute arbitrary commands via shell\nmetacharacters.\n\nNote that this PHP errata enforces memory limits on the size of the PHP\nprocess to prevent a badly generated script from becoming a possible source\nfor a denial of service attack. The default process size is 8MB, though you\ncan adjust this as necessary through the php.ini directive memory_limit.\nFor example, to change the process memory limit to 4MB, add\nthe following:\n\nmemory_limit 4194304\n\nImportant Note:\n\nYour original /etc/php.ini configuration file is not replaced or\noverwritten. Therefore, you should carefully review your configuration file\nand adapt it as necessary to your server or service functions.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:159",
"url": "https://access.redhat.com/errata/RHSA-2003:159"
},
{
"category": "external",
"summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204",
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/archive/1/194425",
"url": "http://online.securityfocus.com/archive/1/194425"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_159.json"
}
],
"title": "Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities",
"tracking": {
"current_release_date": "2024-11-21T22:31:38+00:00",
"generator": {
"date": "2024-11-21T22:31:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:159",
"initial_release_date": "2003-06-30T14:37:00+00:00",
"revision_history": [
{
"date": "2003-06-30T14:37:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-06-30T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2001-1246",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616654"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2001-1246"
},
{
"category": "external",
"summary": "RHBZ#1616654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616654"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2001-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
}
],
"release_date": "2001-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2003_159
Vulnerability from csaf_redhat
Published
2003-06-30 14:37
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities
Notes
Topic
Updated PHP packages are available for Red Hat Linux on IBM iSeries and
pSeries systems.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to an
MTA (such as Sendmail). Specifically, the fifth argument to mail() may be
modified, altering MTA behavior and possibly allowing the execution of
arbitrary local commands.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."
Script authors should note that all input should be checked for unsafe data
by any PHP scripts calling functions such as mail().
PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows local
users and possibly remote attackers to execute arbitrary commands via shell
metacharacters.
Note that this PHP errata enforces memory limits on the size of the PHP
process to prevent a badly generated script from becoming a possible source
for a denial of service attack. The default process size is 8MB, though you
can adjust this as necessary through the php.ini directive memory_limit.
For example, to change the process memory limit to 4MB, add
the following:
memory_limit 4194304
Important Note:
Your original /etc/php.ini configuration file is not replaced or
overwritten. Therefore, you should carefully review your configuration file
and adapt it as necessary to your server or service functions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated PHP packages are available for Red Hat Linux on IBM iSeries and\npSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server. \n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to an\nMTA (such as Sendmail). Specifically, the fifth argument to mail() may be\nmodified, altering MTA behavior and possibly allowing the execution of\narbitrary local commands.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy.\"\n\nScript authors should note that all input should be checked for unsafe data\nby any PHP scripts calling functions such as mail().\n\nPHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse\nthe 5th parameter to the mail() function. This vulnerability allows local\nusers and possibly remote attackers to execute arbitrary commands via shell\nmetacharacters.\n\nNote that this PHP errata enforces memory limits on the size of the PHP\nprocess to prevent a badly generated script from becoming a possible source\nfor a denial of service attack. The default process size is 8MB, though you\ncan adjust this as necessary through the php.ini directive memory_limit.\nFor example, to change the process memory limit to 4MB, add\nthe following:\n\nmemory_limit 4194304\n\nImportant Note:\n\nYour original /etc/php.ini configuration file is not replaced or\noverwritten. Therefore, you should carefully review your configuration file\nand adapt it as necessary to your server or service functions.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:159",
"url": "https://access.redhat.com/errata/RHSA-2003:159"
},
{
"category": "external",
"summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204",
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/archive/1/194425",
"url": "http://online.securityfocus.com/archive/1/194425"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_159.json"
}
],
"title": "Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities",
"tracking": {
"current_release_date": "2024-11-21T22:31:38+00:00",
"generator": {
"date": "2024-11-21T22:31:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:159",
"initial_release_date": "2003-06-30T14:37:00+00:00",
"revision_history": [
{
"date": "2003-06-30T14:37:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-06-30T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2001-1246",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616654"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2001-1246"
},
{
"category": "external",
"summary": "RHBZ#1616654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616654"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2001-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
}
],
"release_date": "2001-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2002:244
Vulnerability from csaf_redhat
Published
2002-11-08 11:15
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fix two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27 allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use. These issues would allow remote
attackers to execute scripts as other Web page visitors, for instance, to
steal cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27 allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fix two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27 allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use. These issues would allow remote\nattackers to execute scripts as other Web page visitors, for instance, to\nsteal cookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27 allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:244",
"url": "https://access.redhat.com/errata/RHSA-2002:244"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_244.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:24+00:00",
"generator": {
"date": "2024-11-21T22:31:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:244",
"initial_release_date": "2002-11-08T11:15:00+00:00",
"revision_history": [
{
"date": "2002-11-08T11:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Stronghold 4",
"product": {
"name": "Red Hat Stronghold 4",
"product_id": "Red Hat Stronghold 4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stronghold:4"
}
}
}
],
"category": "product_family",
"name": "Stronghold Cross Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
rhsa-2002_243
Vulnerability from csaf_redhat
Published
2002-11-08 11:15
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fixes two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use, and would allow remote attackers
to execute scripts as other Web page visitors, for instance, to steal
cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fixes two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27, allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use, and would allow remote attackers\nto execute scripts as other Web page visitors, for instance, to steal\ncookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27, allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:243",
"url": "https://access.redhat.com/errata/RHSA-2002:243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_243.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:21+00:00",
"generator": {
"date": "2024-11-21T22:31:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:243",
"initial_release_date": "2002-11-08T11:15:00+00:00",
"revision_history": [
{
"date": "2002-11-08T11:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Stronghold 3",
"product": {
"name": "Red Hat Stronghold 3",
"product_id": "Red Hat Stronghold 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stronghold:3"
}
}
}
],
"category": "product_family",
"name": "Stronghold Cross Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
rhsa-2002:248
Vulnerability from csaf_redhat
Published
2002-11-07 17:42
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fixes two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use, and would allow remote attackers
to execute scripts as other Web page visitors, for instance, to steal
cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fixes two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27, allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use, and would allow remote attackers\nto execute scripts as other Web page visitors, for instance, to steal\ncookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27, allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:248",
"url": "https://access.redhat.com/errata/RHSA-2002:248"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_248.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:28+00:00",
"generator": {
"date": "2024-11-21T22:31:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:248",
"initial_release_date": "2002-11-07T17:42:00+00:00",
"revision_history": [
{
"date": "2002-11-07T17:42:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Stronghold 4 for Red Hat Enterprise Linux",
"product": {
"name": "Stronghold 4 for Red Hat Enterprise Linux",
"product_id": "Stronghold 4 for Red Hat Enterprise Linux",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_stronghold:4"
}
}
}
],
"category": "product_family",
"name": "Stronghold 4.0 for Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2003:159
Vulnerability from csaf_redhat
Published
2003-06-30 14:37
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities
Notes
Topic
Updated PHP packages are available for Red Hat Linux on IBM iSeries and
pSeries systems.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to an
MTA (such as Sendmail). Specifically, the fifth argument to mail() may be
modified, altering MTA behavior and possibly allowing the execution of
arbitrary local commands.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."
Script authors should note that all input should be checked for unsafe data
by any PHP scripts calling functions such as mail().
PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows local
users and possibly remote attackers to execute arbitrary commands via shell
metacharacters.
Note that this PHP errata enforces memory limits on the size of the PHP
process to prevent a badly generated script from becoming a possible source
for a denial of service attack. The default process size is 8MB, though you
can adjust this as necessary through the php.ini directive memory_limit.
For example, to change the process memory limit to 4MB, add
the following:
memory_limit 4194304
Important Note:
Your original /etc/php.ini configuration file is not replaced or
overwritten. Therefore, you should carefully review your configuration file
and adapt it as necessary to your server or service functions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated PHP packages are available for Red Hat Linux on IBM iSeries and\npSeries systems.",
"title": "Topic"
},
{
"category": "general",
"text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server. \n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to an\nMTA (such as Sendmail). Specifically, the fifth argument to mail() may be\nmodified, altering MTA behavior and possibly allowing the execution of\narbitrary local commands.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy.\"\n\nScript authors should note that all input should be checked for unsafe data\nby any PHP scripts calling functions such as mail().\n\nPHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse\nthe 5th parameter to the mail() function. This vulnerability allows local\nusers and possibly remote attackers to execute arbitrary commands via shell\nmetacharacters.\n\nNote that this PHP errata enforces memory limits on the size of the PHP\nprocess to prevent a badly generated script from becoming a possible source\nfor a denial of service attack. The default process size is 8MB, though you\ncan adjust this as necessary through the php.ini directive memory_limit.\nFor example, to change the process memory limit to 4MB, add\nthe following:\n\nmemory_limit 4194304\n\nImportant Note:\n\nYour original /etc/php.ini configuration file is not replaced or\noverwritten. Therefore, you should carefully review your configuration file\nand adapt it as necessary to your server or service functions.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2003:159",
"url": "https://access.redhat.com/errata/RHSA-2003:159"
},
{
"category": "external",
"summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204",
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103011916928204"
},
{
"category": "external",
"summary": "http://online.securityfocus.com/archive/1/194425",
"url": "http://online.securityfocus.com/archive/1/194425"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_159.json"
}
],
"title": "Red Hat Security Advisory: : : : New PHP packages fix vulnerabilities",
"tracking": {
"current_release_date": "2024-11-21T22:31:38+00:00",
"generator": {
"date": "2024-11-21T22:31:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2003:159",
"initial_release_date": "2003-06-30T14:37:00+00:00",
"revision_history": [
{
"date": "2003-06-30T14:37:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2003-06-30T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2001-1246",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616654"
}
],
"notes": [
{
"category": "description",
"text": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2001-1246"
},
{
"category": "external",
"summary": "RHBZ#1616654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616654"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2001-1246",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1246"
}
],
"release_date": "2001-06-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2003-06-30T14:37:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 7.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2003:159"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
rhsa-2002_244
Vulnerability from csaf_redhat
Published
2002-11-08 11:15
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fix two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27 allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use. These issues would allow remote
attackers to execute scripts as other Web page visitors, for instance, to
steal cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27 allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fix two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27 allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use. These issues would allow remote\nattackers to execute scripts as other Web page visitors, for instance, to\nsteal cookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27 allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:244",
"url": "https://access.redhat.com/errata/RHSA-2002:244"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_244.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:24+00:00",
"generator": {
"date": "2024-11-21T22:31:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:244",
"initial_release_date": "2002-11-08T11:15:00+00:00",
"revision_history": [
{
"date": "2002-11-08T11:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Stronghold 4",
"product": {
"name": "Red Hat Stronghold 4",
"product_id": "Red Hat Stronghold 4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stronghold:4"
}
}
}
],
"category": "product_family",
"name": "Stronghold Cross Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
rhsa-2002_248
Vulnerability from csaf_redhat
Published
2002-11-07 17:42
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fixes two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use, and would allow remote attackers
to execute scripts as other Web page visitors, for instance, to steal
cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fixes two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27, allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use, and would allow remote attackers\nto execute scripts as other Web page visitors, for instance, to steal\ncookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27, allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:248",
"url": "https://access.redhat.com/errata/RHSA-2002:248"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_248.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:28+00:00",
"generator": {
"date": "2024-11-21T22:31:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:248",
"initial_release_date": "2002-11-07T17:42:00+00:00",
"revision_history": [
{
"date": "2002-11-07T17:42:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Stronghold 4 for Red Hat Enterprise Linux",
"product": {
"name": "Stronghold 4 for Red Hat Enterprise Linux",
"product_id": "Stronghold 4 for Red Hat Enterprise Linux",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_stronghold:4"
}
}
}
],
"category": "product_family",
"name": "Stronghold 4.0 for Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:243
Vulnerability from csaf_redhat
Published
2002-11-08 11:15
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fixes two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use, and would allow remote attackers
to execute scripts as other Web page visitors, for instance, to steal
cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fixes two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27, allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use, and would allow remote attackers\nto execute scripts as other Web page visitors, for instance, to steal\ncookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27, allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:243",
"url": "https://access.redhat.com/errata/RHSA-2002:243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_243.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:21+00:00",
"generator": {
"date": "2024-11-21T22:31:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:243",
"initial_release_date": "2002-11-08T11:15:00+00:00",
"revision_history": [
{
"date": "2002-11-08T11:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Stronghold 3",
"product": {
"name": "Red Hat Stronghold 3",
"product_id": "Red Hat Stronghold 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stronghold:3"
}
}
}
],
"category": "product_family",
"name": "Stronghold Cross Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "Backported fixes are available for the versions of Apache, mod_ssl, and PHP\nincluded in Stronghold 3. Stronghold 3 build code 3020 is now available\nwhich includes this fix, and can be downloaded from the following URL:\n\nhttp://stronghold.redhat.com/sh3/\n\nFor information on how to upgrade between releases of Stronghold 3, refer\nto the following URL:\n\nhttp://stronghold.redhat.com/support/upgrade-sh3.xml",
"product_ids": [
"Red Hat Stronghold 3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:243"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:248
Vulnerability from csaf_redhat
Published
2002-11-07 17:42
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fixes two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27, allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use, and would allow remote attackers
to execute scripts as other Web page visitors, for instance, to steal
cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27, allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fixes two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27, allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use, and would allow remote attackers\nto execute scripts as other Web page visitors, for instance, to steal\ncookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27, allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:248",
"url": "https://access.redhat.com/errata/RHSA-2002:248"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_248.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:28+00:00",
"generator": {
"date": "2024-11-21T22:31:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:248",
"initial_release_date": "2002-11-07T17:42:00+00:00",
"revision_history": [
{
"date": "2002-11-07T17:42:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Stronghold 4 for Red Hat Enterprise Linux",
"product": {
"name": "Stronghold 4 for Red Hat Enterprise Linux",
"product_id": "Stronghold 4 for Red Hat Enterprise Linux",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_stronghold:4"
}
}
}
],
"category": "product_family",
"name": "Stronghold 4.0 for Red Hat Advanced Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Stronghold 4 for Red Hat Enterprise Linux"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-07T17:42:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains\nthe desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Stronghold 4 for Red Hat Enterprise Linux"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:248"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2002:244
Vulnerability from csaf_redhat
Published
2002-11-08 11:15
Modified
2024-11-21 22:31
Summary
Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Notes
Topic
Updated versions of the Apache HTTP server, PHP, and mod_ssl are now
available which close possible buffer overflows in the Apache HTTP server
benchmarking tool, fix two cross-site scripting vulnerabilities in the
error pages, and fix possible local privilege escalation. These updates
also fix vulnerabilities in the PHP mail() function that allows script
authors to bypass safe mode restrictions, and possibly allow remote
attackers to insert arbitrary mail headers and content into messages.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server. PHP is an HTML-embedded scripting language
commonly used with the Apache HTTP server.
Buffer overflows in the ApacheBench support program (ab.c) in Apache
versions prior to 1.3.27 allow a malicious Web server to cause a denial of
service and possibly execute arbitrary code via a long response. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0843 to this issue.
Two cross-site scripting vulnerabilities are present in the error pages
for the default "404 Not Found" error, and for the error response when a
plain HTTP request is received on an SSL port. Both of these issues are
only exploitable if the "UseCanonicalName" setting has been changed to
"Off", and wildcard DNS is in use. These issues would allow remote
attackers to execute scripts as other Web page visitors, for instance, to
steal cookies. These issues affect Apache versions 1.3 to 1.3.26,
and mod_ssl versions before 2.8.12. The Common Vulnerabilities and
Exposures project has assigned the names CAN-2002-0840 and
CAN-2002-1157 to these issues.
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to
version 1.3.27 allowed a user running as the web server user to send a
SIGUSR1 signal to any process as root, resulting in a denial of service
(process kill) or other such behavior that would not normally be allowed.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-839 to this issue.
The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0985
to this issue.
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy". The Common Vulnerabilities and Exposures project has
assigned the name CAN-2002-0986 to this issue.
Stronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and
is therefore vulnerable to these issues. Users of Stronghold are advised to
patch or upgrade their servers.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated versions of the Apache HTTP server, PHP, and mod_ssl are now\navailable which close possible buffer overflows in the Apache HTTP server\nbenchmarking tool, fix two cross-site scripting vulnerabilities in the\nerror pages, and fix possible local privilege escalation. These updates\nalso fix vulnerabilities in the PHP mail() function that allows script\nauthors to bypass safe mode restrictions, and possibly allow remote\nattackers to insert arbitrary mail headers and content into messages.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server. PHP is an HTML-embedded scripting language\ncommonly used with the Apache HTTP server.\n\nBuffer overflows in the ApacheBench support program (ab.c) in Apache\nversions prior to 1.3.27 allow a malicious Web server to cause a denial of\nservice and possibly execute arbitrary code via a long response. The\nCommon Vulnerabilities and Exposures project has assigned the name\nCAN-2002-0843 to this issue.\n\nTwo cross-site scripting vulnerabilities are present in the error pages\nfor the default \"404 Not Found\" error, and for the error response when a\nplain HTTP request is received on an SSL port. Both of these issues are\nonly exploitable if the \"UseCanonicalName\" setting has been changed to\n\"Off\", and wildcard DNS is in use. These issues would allow remote\nattackers to execute scripts as other Web page visitors, for instance, to\nsteal cookies. These issues affect Apache versions 1.3 to 1.3.26,\nand mod_ssl versions before 2.8.12. The Common Vulnerabilities and\nExposures project has assigned the names CAN-2002-0840 and\nCAN-2002-1157 to these issues.\n\nThe shared memory scoreboard in the HTTP daemon for Apache 1.3.x, prior to\nversion 1.3.27 allowed a user running as the web server user to send a\nSIGUSR1 signal to any process as root, resulting in a denial of service\n(process kill) or other such behavior that would not normally be allowed. \nThe Common Vulnerabilities and Exposures project has assigned the name\nCAN-2002-839 to this issue.\n\nThe mail function in PHP 4.x to 4.2.2 may allow local script authors to\nbypass safe mode restrictions and modify command line arguments to the\nMTA (such as Sendmail) in the fifth argument to mail(), altering MTA\nbehavior and possibly executing arbitrary local commands. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2002-0985\nto this issue.\n\nThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control\ncharacters from its arguments, which could allow remote attackers to\nmodify mail message content, including mail headers, and possibly use\nPHP as a \"spam proxy\". The Common Vulnerabilities and Exposures project has\nassigned the name CAN-2002-0986 to this issue.\n\nStronghold 4 contains Apache 1.3.22, mod_ssl 2.8.7, and PHP 4.1.2, and\nis therefore vulnerable to these issues. Users of Stronghold are advised to\npatch or upgrade their servers.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:244",
"url": "https://access.redhat.com/errata/RHSA-2002:244"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://www.apacheweek.com/issues/02-10-04",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_244.json"
}
],
"title": "Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold",
"tracking": {
"current_release_date": "2024-11-21T22:31:24+00:00",
"generator": {
"date": "2024-11-21T22:31:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:244",
"initial_release_date": "2002-11-08T11:15:00+00:00",
"revision_history": [
{
"date": "2002-11-08T11:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-10-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:31:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Stronghold 4",
"product": {
"name": "Red Hat Stronghold 4",
"product_id": "Red Hat Stronghold 4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stronghold:4"
}
}
}
],
"category": "product_family",
"name": "Stronghold Cross Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0839",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616822"
}
],
"notes": [
{
"category": "description",
"text": "The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0839"
},
{
"category": "external",
"summary": "RHBZ#1616822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0839",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0839"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0839"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0840",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616823"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0840"
},
{
"category": "external",
"summary": "RHBZ#1616823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0840",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0840"
}
],
"release_date": "2002-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0843",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616824"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0843"
},
{
"category": "external",
"summary": "RHBZ#1616824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0843",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0843"
}
],
"release_date": "2002-10-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0985",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616833"
}
],
"notes": [
{
"category": "description",
"text": "Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0985"
},
{
"category": "external",
"summary": "RHBZ#1616833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0985"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0986",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616834"
}
],
"notes": [
{
"category": "description",
"text": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0986"
},
{
"category": "external",
"summary": "RHBZ#1616834",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616834"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
}
],
"release_date": "2002-08-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-1157",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616849"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Stronghold 4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-1157"
},
{
"category": "external",
"summary": "RHBZ#1616849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-1157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1157"
}
],
"release_date": "2002-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-11-08T11:15:00+00:00",
"details": "We have backported the security fixes for the versions of OpenSSL\nand mm included in Stronghold 4. The fixed packages are now available via\nthe update agent service; run\n\n$ bin/agent\n\nfrom the Stronghold 4 install root to upgrade an existing Stronghold 4\ninstallation to the new package versions. After upgrading Stronghold, the\nserver must be completely restarted by running the following commands from\nthe install root:\n\n$ bin/stop-server\n$ bin/start-server\n\nFor more information on how to upgrade between releases of Stronghold 4,\nsee http://stronghold.redhat.com/support/upgrade-sh4",
"product_ids": [
"Red Hat Stronghold 4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:244"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
ghsa-xchw-jqmw-jcvc
Vulnerability from github
Published
2022-05-03 03:08
Modified
2022-05-03 03:08
Details
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
{
"affected": [],
"aliases": [
"CVE-2002-0986"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-09-24T04:00:00Z",
"severity": "MODERATE"
},
"details": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\"",
"id": "GHSA-xchw-jqmw-jcvc",
"modified": "2022-05-03T03:08:03Z",
"published": "2022-05-03T03:08:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0986"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
},
{
"type": "WEB",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"type": "WEB",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/2160"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/5562"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2002-0986
Vulnerability from fkie_nvd
Published
2002-09-24 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3E7199-8FB7-4930-9C0A-A36A698940B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "419867C6-37BE-43B4-BFE0-6325FEE3807D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "37896E87-95C2-4039-8362-BC03B1C56706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
"matchCriteriaId": "8667FBC6-04B6-40E5-93B3-6C22BEED4B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a \"spam proxy.\""
}
],
"id": "CVE-2002-0986",
"lastModified": "2024-11-20T23:40:19.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/2160"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5562"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103011916928204\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105760591228031\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/410609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2002_036_modphp4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/2160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-213.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9959"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.