Sign-up

ID

VAR-200803-0016


CVE

CVE-2008-0050


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. An attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15884 VERIFY ADVISORY: http://secunia.com/advisories/15884/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/ DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2008-0050 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001198 // BID: 28356 // VULHUB: VHN-30175 // PACKETSTORM: 38390

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.11

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.11

Trust: 1.6

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:safariscope:ltversion:version

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:neversion:3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.2

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:neversion:2.0

Trust: 0.3

sources: CERT/CC: VU#442845 // BID: 28356 // JVNDB: JVNDB-2008-001198 // CNNVD: CNNVD-200803-265 // NVD: CVE-2008-0050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0050
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-0050
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-265
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30175
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-0050
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30175
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-30175 // JVNDB: JVNDB-2008-001198 // CNNVD: CNNVD-200803-265 // NVD: CVE-2008-0050

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-30175 // JVNDB: JVNDB-2008-001198 // NVD: CVE-2008-0050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-265

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200803-265

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001198

PATCH
title:Security Update 2008-002url:http://support.apple.com/kb/HT1249?viewlocale=en_US
Trust: 0.8
title:iPhone v2.0 and iPod touch v2.0url:http://support.apple.com/kb/HT2351
Trust: 0.8
title:Safari 3.1url:http://support.apple.com/kb/HT1315
Trust: 0.8
title:Safari 3.1url:http://docs.info.apple.com/article.html?artnum=307563-ja
Trust: 0.8
title:Security Update 2008-002url:http://support.apple.com/kb/HT1249?viewlocale=ja_JP
Trust: 0.8
title:iPhone v2.0 and iPod touch v2.0url:http://support.apple.com/kb/HT2351?viewlocale=ja_JP&locale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001198

EXTERNAL IDS
db:BIDid:28356
Trust: 2.8
db:NVDid:CVE-2008-0050
Trust: 2.8
db:SECUNIAid:29420
Trust: 2.5
db:SECTRACKid:1019655
Trust: 2.5
db:USCERTid:TA08-079A
Trust: 2.5
db:SECUNIAid:31074
Trust: 1.7
db:VUPENid:ADV-2008-2094
Trust: 1.7
db:VUPENid:ADV-2008-0920
Trust: 1.7
db:VUPENid:ADV-2008-0924
Trust: 1.7
db:BIDid:28290
Trust: 1.7
db:SECUNIAid:15884
Trust: 0.9
db:SECUNIAid:15810
Trust: 0.8
db:SECUNIAid:15922
Trust: 0.8
db:SECUNIAid:15852
Trust: 0.8
db:SECUNIAid:15855
Trust: 0.8
db:SECUNIAid:15861
Trust: 0.8
db:SECUNIAid:15862
Trust: 0.8
db:SECUNIAid:15872
Trust: 0.8
db:SECUNIAid:15883
Trust: 0.8
db:SECUNIAid:15895
Trust: 0.8
db:BIDid:14088
Trust: 0.8
db:SECTRACKid:1014327
Trust: 0.8
db:CERT/CCid:VU#442845
Trust: 0.8
db:USCERTid:SA08-079A
Trust: 0.8
db:JVNDBid:JVNDB-2008-001198
Trust: 0.8
db:CNNVDid:CNNVD-200803-265
Trust: 0.7
db:CERT/CCid:TA08-079A
Trust: 0.6
db:APPLEid:APPLE-SA-2008-03-18
Trust: 0.6
db:APPLEid:APPLE-SA-2008-07-11
Trust: 0.6
db:XFid:502
Trust: 0.6
db:XFid:41313
Trust: 0.6
db:VULHUBid:VHN-30175
Trust: 0.1
db:PACKETSTORMid:38390
Trust: 0.1
sources:
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-30175 // 
            
            
            
            BID: 28356 // 
            
            
            
            JVNDB: JVNDB-2008-001198 // 
            
            
            
            PACKETSTORM: 38390 // 
            
            
            
            CNNVD: CNNVD-200803-265 // 
            
            
            
            NVD: CVE-2008-0050

REFERENCES
url:http://www.securityfocus.com/bid/28356
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta08-079a.html
Trust: 2.5
url:http://www.securitytracker.com/id?1019655
Trust: 2.5
url:http://secunia.com/advisories/29420
Trust: 2.5
url:http://docs.info.apple.com/article.html?artnum=307562
Trust: 2.0
url:http://docs.info.apple.com/article.html?artnum=307563
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2008//jul/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/28290
Trust: 1.7
url:http://secunia.com/advisories/31074
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/0920/references
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/0924/references
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/2094/references
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41313
Trust: 1.1
url:http://secunia.com/advisories/15884/
Trust: 0.9
url:http://secunia.com/advisories/15852/
Trust: 0.9
url:http://www.hardened-php.net/advisory-022005.php
Trust: 0.8
url:http://secunia.com/advisories/15861/
Trust: 0.8
url:http://secunia.com/advisories/15862/
Trust: 0.8
url:http://secunia.com/advisories/15895/
Trust: 0.8
url:http://secunia.com/advisories/15883/
Trust: 0.8
url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699
Trust: 0.8
url:http://secunia.com/advisories/15855/
Trust: 0.8
url:http://secunia.com/advisories/15810/
Trust: 0.8
url:http://secunia.com/advisories/15872/
Trust: 0.8
url:http://secunia.com/advisories/15922/
Trust: 0.8
url:http://securitytracker.com/alerts/2005/jun/1014327.html
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00088-07022005
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00087-07012005
Trust: 0.8
url:http://www.securityfocus.com/bid/14088
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0050
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2008/0920
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2008/0924
Trust: 0.8
url:http://jvn.jp/cert/jvnta08-079a/index.html
Trust: 0.8
url:http://jvn.jp/tr/trta08-079a/index.html
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0050
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa08-079a.html
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/41313
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/2094/references
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0924/references
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0920/references
Trust: 0.6
url:http://www.apple.com/safari/download/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/4577/
Trust: 0.1
url:http://secunia.com/secunia_vacancies/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://sourceforge.net/project/showfiles.php?group_id=36679
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-30175 // 
            
            
            
            BID: 28356 // 
            
            
            
            JVNDB: JVNDB-2008-001198 // 
            
            
            
            PACKETSTORM: 38390 // 
            
            
            
            CNNVD: CNNVD-200803-265 // 
            
            
            
            NVD: CVE-2008-0050

CREDITS
Robert Swiecki robert@swiecki.netAdam BarthCollin Jackson collinj@cs.stanford.eduEric SeidelTavis Ormandy taviso@gentoo.orgWill Drewry wad@google.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200803-265

SOURCES
db:CERT/CCid:VU#442845
db:VULHUBid:VHN-30175
db:BIDid:28356
db:JVNDBid:JVNDB-2008-001198
db:PACKETSTORMid:38390
db:CNNVDid:CNNVD-200803-265
db:NVDid:CVE-2008-0050

LAST UPDATE DATE
2024-09-06T20:48:29.431000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:VULHUBid:VHN-30175date:2017-08-08T00:00:00
db:BIDid:28356date:2015-05-07T18:20:00
db:JVNDBid:JVNDB-2008-001198date:2008-07-29T00:00:00
db:CNNVDid:CNNVD-200803-265date:2008-10-11T00:00:00
db:NVDid:CVE-2008-0050date:2017-08-08T01:29:19.883

SOURCES RELEASE DATE
db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:VULHUBid:VHN-30175date:2008-03-18T00:00:00
db:BIDid:28356date:2008-03-18T00:00:00
db:JVNDBid:JVNDB-2008-001198date:2008-04-08T00:00:00
db:PACKETSTORMid:38390date:2005-07-01T23:31:00
db:CNNVDid:CNNVD-200803-265date:2008-03-18T00:00:00
db:NVDid:CVE-2008-0050date:2008-03-18T22:44:00