ID

VAR-200811-0015


CVE

CVE-2008-3644


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apple Safari is prone to three security vulnerabilities. Attackers may exploit these issues to execute arbitrary code or obtain sensitive information. Other attacks are also possible. These issues affect versions prior to Safari 3.2 running on Apple Mac OS X 10.4.11 and 10.5.5, Microsoft Windows XP, and Windows Vista. Safari is the web browser bundled by default with Apple's operating systems.

TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE: From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852
SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/

Trust: 2.79

sources: NVD: CVE-2008-3644 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001961 // BID: 32291 // VULHUB: VHN-33769 // PACKETSTORM: 38390

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:0.9

Trust: 1.6

vendor:applemodel:safariscope:eqversion:0.8

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0_pre

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:lteversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4_419.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4_beta

Trust: 1.0

vendor:applemodel:safariscope:eqversion:*

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3_417.9.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope:eqversion:1.0 to 2.1

Trust: 0.8

vendor:applemodel:ipod touchscope:eqversion:1.1 to 2.1

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3 (mac os x 10.5)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3 (windows)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:windows

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:safariscope:neversion:3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.6

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:neversion:3.0

Trust: 0.3

sources: CERT/CC: VU#442845 // BID: 32291 // JVNDB: JVNDB-2008-001961 // CNNVD: CNNVD-200811-246 // NVD: CVE-2008-3644

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3644
value: LOW

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-3644
value: LOW

Trust: 0.8

CNNVD: CNNVD-200811-246
value: LOW

Trust: 0.6

VULHUB: VHN-33769
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2008-3644
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33769
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-33769 // JVNDB: JVNDB-2008-001961 // CNNVD: CNNVD-200811-246 // NVD: CVE-2008-3644

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-33769 // JVNDB: JVNDB-2008-001961 // NVD: CVE-2008-3644

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200811-246

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200811-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001961

PATCH

title:HT3318url:http://support.apple.com/kb/HT3318

Trust: 0.8

title:HT3298url:http://support.apple.com/kb/HT3298

Trust: 0.8

title:HT3318url:http://support.apple.com/kb/HT3318?viewlocale=ja_JP

Trust: 0.8

title:Apple Safari Remediation measures for user information disclosure vulnerability in page cacheurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156697

Trust: 0.6

sources: JVNDB: JVNDB-2008-001961 // CNNVD: CNNVD-200811-246

EXTERNAL IDS

db:NVDid:CVE-2008-3644

Trust: 2.8

db:BIDid:32291

Trust: 2.8

db:VUPENid:ADV-2008-3232

Trust: 2.5

db:SECUNIAid:32756

Trust: 2.5

db:SECTRACKid:1021226

Trust: 1.1

db:SECUNIAid:32706

Trust: 1.1

db:SECUNIAid:15884

Trust: 0.9

db:SECUNIAid:15810

Trust: 0.8

db:SECUNIAid:15922

Trust: 0.8

db:SECUNIAid:15852

Trust: 0.8

db:SECUNIAid:15855

Trust: 0.8

db:SECUNIAid:15861

Trust: 0.8

db:SECUNIAid:15862

Trust: 0.8

db:SECUNIAid:15872

Trust: 0.8

db:SECUNIAid:15883

Trust: 0.8

db:SECUNIAid:15895

Trust: 0.8

db:BIDid:14088

Trust: 0.8

db:SECTRACKid:1014327

Trust: 0.8

db:CERT/CCid:VU#442845

Trust: 0.8

db:JVNDBid:JVNDB-2008-001961

Trust: 0.8

db:CNNVDid:CNNVD-200811-246

Trust: 0.7

db:APPLEid:APPLE-SA-2008-11-20

Trust: 0.6

db:APPLEid:APPLE-SA-2008-11-13

Trust: 0.6

db:VULHUBid:VHN-33769

Trust: 0.1

db:PACKETSTORMid:38390

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-33769 // BID: 32291 // JVNDB: JVNDB-2008-001961 // PACKETSTORM: 38390 // CNNVD: CNNVD-200811-246 // NVD: CVE-2008-3644

REFERENCES

url:http://www.securityfocus.com/bid/32291

Trust: 2.5

url:http://secunia.com/advisories/32756

Trust: 2.5

url:http://support.apple.com/kb/ht3298

Trust: 2.0

url:http://support.apple.com/kb/ht3318

Trust: 2.0

url:http://www.vupen.com/english/advisories/2008/3232

Trust: 1.9

url:http://lists.apple.com/archives/security-announce//2008/nov/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008/nov/msg00002.html

Trust: 1.7

url:http://www.securitytracker.com/id?1021226

Trust: 1.1

url:http://secunia.com/advisories/32706

Trust: 1.1

url:http://secunia.com/advisories/15884/

Trust: 0.9

url:http://secunia.com/advisories/15852/

Trust: 0.9

url:http://www.hardened-php.net/advisory-022005.php

Trust: 0.8

url:http://secunia.com/advisories/15861/

Trust: 0.8

url:http://secunia.com/advisories/15862/

Trust: 0.8

url:http://secunia.com/advisories/15895/

Trust: 0.8

url:http://secunia.com/advisories/15883/

Trust: 0.8

url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699

Trust: 0.8

url:http://secunia.com/advisories/15855/

Trust: 0.8

url:http://secunia.com/advisories/15810/

Trust: 0.8

url:http://secunia.com/advisories/15872/

Trust: 0.8

url:http://secunia.com/advisories/15922/

Trust: 0.8

url:http://securitytracker.com/alerts/2005/jun/1014327.html

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00088-07022005

Trust: 0.8

url:http://www.gulftech.org/?node=research&article_id=00087-07012005

Trust: 0.8

url:http://www.securityfocus.com/bid/14088

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3644

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3644

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/3232

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4577/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://sourceforge.net/project/showfiles.php?group_id=36679

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-33769 // BID: 32291 // JVNDB: JVNDB-2008-001961 // PACKETSTORM: 38390 // CNNVD: CNNVD-200811-246 // NVD: CVE-2008-3644

CREDITS

Billy Rios

Trust: 0.6

sources: CNNVD: CNNVD-200811-246

SOURCES

db:CERT/CCid:VU#442845
db:VULHUBid:VHN-33769
db:BIDid:32291
db:JVNDBid:JVNDB-2008-001961
db:PACKETSTORMid:38390
db:CNNVDid:CNNVD-200811-246
db:NVDid:CVE-2008-3644

LAST UPDATE DATE

2024-09-19T21:12:21.552000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:VULHUBid:VHN-33769date:2012-10-31T00:00:00
db:BIDid:32291date:2009-06-17T23:39:00
db:JVNDBid:JVNDB-2008-001961date:2008-12-15T00:00:00
db:CNNVDid:CNNVD-200811-246date:2021-07-14T00:00:00
db:NVDid:CVE-2008-3644date:2012-10-31T03:01:47.903

SOURCES RELEASE DATE

db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:VULHUBid:VHN-33769date:2008-11-17T00:00:00
db:BIDid:32291date:2008-11-13T00:00:00
db:JVNDBid:JVNDB-2008-001961date:2008-12-15T00:00:00
db:PACKETSTORMid:38390date:2005-07-01T23:31:00
db:CNNVDid:CNNVD-200811-246date:2008-11-17T00:00:00
db:NVDid:CVE-2008-3644date:2008-11-17T18:18:47.860