ID

VAR-200803-0016


CVE

CVE-2008-0050


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. An attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15884 VERIFY ADVISORY: http://secunia.com/advisories/15884/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/ DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2008-0050 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001198 // BID: 28356 // VULHUB: VHN-30175 // PACKETSTORM: 38390

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.11

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.11

Trust: 1.6

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:safariscope:ltversion:version

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:neversion:3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.2

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:neversion:2.0

Trust: 0.3

sources: CERT/CC: VU#442845 // BID: 28356 // JVNDB: JVNDB-2008-001198 // CNNVD: CNNVD-200803-265 // NVD: CVE-2008-0050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0050
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-0050
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-265
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30175
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-0050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30175
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-30175 // JVNDB: JVNDB-2008-001198 // CNNVD: CNNVD-200803-265 // NVD: CVE-2008-0050

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-30175 // JVNDB: JVNDB-2008-001198 // NVD: CVE-2008-0050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-265

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200803-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001198

PATCH

title:Security Update 2008-002url:http://support.apple.com/kb/HT1249?viewlocale=en_US

Trust: 0.8

title:iPhone v2.0 and iPod touch v2.0url:http://support.apple.com/kb/HT2351

Trust: 0.8

title:Safari 3.1url:http://support.apple.com/kb/HT1315

Trust: 0.8

title:Safari 3.1url:http://docs.info.apple.com/article.html?artnum=307563-ja

Trust: 0.8

title:Security Update 2008-002url:http://support.apple.com/kb/HT1249?viewlocale=ja_JP

Trust: 0.8

title:iPhone v2.0 and iPod touch v2.0url:http://support.apple.com/kb/HT2351?viewlocale=ja_JP&locale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2008-001198

EXTERNAL IDS

db:BIDid:28356

Trust: 2.8

db:NVDid:CVE-2008-0050

Trust: 2.8

db:SECUNIAid:29420

Trust: 2.5

db:SECTRACKid:1019655

Trust: 2.5

db:USCERTid:TA08-079A

Trust: 2.5

db:SECUNIAid:31074

Trust: 1.7

db:VUPENid:ADV-2008-2094

Trust: 1.7

db:VUPENid:ADV-2008-0920

Trust: 1.7

db:VUPENid:ADV-2008-0924

Trust: 1.7

db:BIDid:28290

Trust: 1.7

db:SECUNIAid:15884

Trust: 0.9

db:SECUNIAid:15810

Trust: 0.8

db:SECUNIAid:15922

Trust: 0.8

db:SECUNIAid:15852

Trust: 0.8

db:SECUNIAid:15855

Trust: 0.8

db:SECUNIAid:15861

Trust: 0.8

db:SECUNIAid:15862

Trust: 0.8

db:SECUNIAid:15872

Trust: 0.8

db:SECUNIAid:15883

Trust: 0.8

db:SECUNIAid:15895

Trust: 0.8

db:BIDid:14088

Trust: 0.8

db:SECTRACKid:1014327

Trust: 0.8

db:CERT/CCid:VU#442845

Trust: 0.8

db:USCERTid:SA08-079A

Trust: 0.8

db:JVNDBid:JVNDB-2008-001198

Trust: 0.8

db:CNNVDid:CNNVD-200803-265

Trust: 0.7

db:CERT/CCid:TA08-079A

Trust: 0.6

db:APPLEid:APPLE-SA-2008-03-18

Trust: 0.6

db:APPLEid:APPLE-SA-2008-07-11

Trust: 0.6

db:XFid:502

Trust: 0.6

db:XFid:41313

Trust: 0.6

db:VULHUBid:VHN-30175

Trust: 0.1

db:PACKETSTORMid:38390

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-30175 // BID: 28356 // JVNDB: JVNDB-2008-001198 // PACKETSTORM: 38390 // CNNVD: CNNVD-200803-265 // NVD: CVE-2008-0050

REFERENCES

url:http://www.securityfocus.com/bid/28356

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta08-079a.html

Trust: 2.5

url:http://www.securitytracker.com/id?1019655

Trust: 2.5

url:http://secunia.com/advisories/29420

Trust: 2.5

url:http://docs.info.apple.com/article.html?artnum=307562

Trust: 2.0

url:http://docs.info.apple.com/article.html?artnum=307563

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008//jul/msg00001.html

Trust: 1.7

url:http://www.securityfocus.com/bid/28290

Trust: 1.7

url:http://secunia.com/advisories/31074

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0920/references

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/0924/references

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/2094/references

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41313

Trust: 1.1

url:http://secunia.com/advisories/15884/

Trust: 0.9

url:http://secunia.com/advisories/15852/

Trust: 0.9

url:http://www.hardened-php.net/advisory-022005.php

Trust: 0.8

url:http://secunia.com/advisories/15861/

Trust: 0.8

url:http://secunia.com/advisories/15862/

Trust: 0.8

url:http://secunia.com/advisories/15895/

Trust: 0.8

url:http://secunia.com/advisories/15883/

Trust: 0.8

url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699

Trust: 0.8

url:http://secunia.com/advisories/15855/

Trust: 0.8

url:http://secunia.com/advisories/15810/

Trust: 0.8

url:http://secunia.com/advisories/15872/

Trust: 0.8

url:http://secunia.com/advisories/15922/

Trust: 0.8

url:http://securitytracker.com/alerts/2005/jun/1014327.html

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00088-07022005

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00087-07012005

Trust: 0.8

url:http://www.securityfocus.com/bid/14088

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0050

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/0920

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/0924

Trust: 0.8

url:http://jvn.jp/cert/jvnta08-079a/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta08-079a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0050

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa08-079a.html

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/41313

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/2094/references

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/0924/references

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/0920/references

Trust: 0.6

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4577/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://sourceforge.net/project/showfiles.php?group_id=36679

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-30175 // BID: 28356 // JVNDB: JVNDB-2008-001198 // PACKETSTORM: 38390 // CNNVD: CNNVD-200803-265 // NVD: CVE-2008-0050

CREDITS

Robert Swiecki robert@swiecki.netAdam BarthCollin Jackson collinj@cs.stanford.eduEric SeidelTavis Ormandy taviso@gentoo.orgWill Drewry wad@google.com

Trust: 0.6

sources: CNNVD: CNNVD-200803-265

SOURCES

db:CERT/CCid:VU#442845
db:VULHUBid:VHN-30175
db:BIDid:28356
db:JVNDBid:JVNDB-2008-001198
db:PACKETSTORMid:38390
db:CNNVDid:CNNVD-200803-265
db:NVDid:CVE-2008-0050

LAST UPDATE DATE

2024-11-22T22:32:15.874000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:VULHUBid:VHN-30175date:2017-08-08T00:00:00
db:BIDid:28356date:2015-05-07T18:20:00
db:JVNDBid:JVNDB-2008-001198date:2008-07-29T00:00:00
db:CNNVDid:CNNVD-200803-265date:2008-10-11T00:00:00
db:NVDid:CVE-2008-0050date:2017-08-08T01:29:19.883

SOURCES RELEASE DATE

db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:VULHUBid:VHN-30175date:2008-03-18T00:00:00
db:BIDid:28356date:2008-03-18T00:00:00
db:JVNDBid:JVNDB-2008-001198date:2008-04-08T00:00:00
db:PACKETSTORMid:38390date:2005-07-01T23:31:00
db:CNNVDid:CNNVD-200803-265date:2008-03-18T00:00:00
db:NVDid:CVE-2008-0050date:2008-03-18T22:44:00