ID

VAR-201312-0207


CVE

CVE-2013-6420


TITLE

PHP of ext/openssl/openssl.c Inside asn1_time_to_time_t Vulnerability in arbitrary code execution in function

Trust: 0.8

sources: JVNDB: JVNDB-2013-005585

DESCRIPTION

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. PHP is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to run arbitrary code within the context of the PHP process. Failed exploit attempts may result in a denial-of-service condition. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The vulnerability is caused by the openssl_x509_parse() function not correctly parsing the notBefore and notAfter timestamps in the X.509 certificate. The following versions are affected: PHP prior to 5.3.28, 5.4.x prior to 5.4.23, 5.5.x prior to 5.5.7. ============================================================================ Ubuntu Security Notice USN-2055-1 December 12, 2013 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in PHP. (CVE-2013-6420) It was discovered that PHP incorrectly handled DateInterval objects. (CVE-2013-6712) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.1 php5-cgi 5.5.3+dfsg-1ubuntu2.1 php5-cli 5.5.3+dfsg-1ubuntu2.1 Ubuntu 13.04: libapache2-mod-php5 5.4.9-4ubuntu2.4 php5-cgi 5.4.9-4ubuntu2.4 php5-cli 5.4.9-4ubuntu2.4 Ubuntu 12.10: libapache2-mod-php5 5.4.6-1ubuntu1.5 php5-cgi 5.4.6-1ubuntu1.5 php5-cli 5.4.6-1ubuntu1.5 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.9 php5-cgi 5.3.10-1ubuntu3.9 php5-cli 5.3.10-1ubuntu3.9 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.22 php5-cgi 5.3.2-1ubuntu4.22 php5-cli 5.3.2-1ubuntu4.22 In general, a standard system update will make all the necessary changes. Release Date: 2014-09-30 Last Updated: 2014-09-30 Potential Security Impact: Cross-site scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking. References: CVE-2013-4545 Unauthorized modification CVE-2013-6420 (SSRT101447) Unauthorized disclosure of information CVE-2013-6422 Unauthorized disclosure of information CVE-2013-6712 (SSRT101447) Denial of Service (DoS) CVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS) CVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF) CVE-2014-2642 (SSRT101701) Clickjacking SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) for Linux and Windows prior to version 7.4 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-4545 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-6420 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-6422 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2013-6712 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-2640 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-2641 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2014-2642 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH) for Linux and Windows: http://h18013.www1.hp.com/products/servers/management/agents/ HISTORY Version:1 (rev.1) - 30 September 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.24-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.24-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.24-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.24-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.24-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.24-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.24-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 1c864df50286602ccb2d3efbabb9d7ec php-5.4.24-i486-1_slack14.0.txz Slackware x86_64 14.0 package: cc0f365855b83708c82a84ea44a4ad21 php-5.4.24-x86_64-1_slack14.0.txz Slackware 14.1 package: 1091912280ef2fbe271da2aa304dba36 php-5.4.24-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 22b91ef0428a15b3124c5b4fb911b1bc php-5.4.24-x86_64-1_slack14.1.txz Slackware -current package: f306c21609d14c7380295d63054d8f46 n/php-5.4.24-i486-1.txz Slackware x86_64 -current package: 3cb4ff4fdaba44aa5ed3a946adbe9c9f n/php-5.4.24-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.4.24-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: php security update Advisory ID: RHSA-2013:1814-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1814.html Issue date: 2013-12-11 CVE Names: CVE-2011-1398 CVE-2012-2688 CVE-2013-1643 CVE-2013-6420 ===================================================================== 1. Summary: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. (CVE-2013-6420) It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398) An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. (CVE-2012-2688) It was found that the PHP SOAP parser allowed the expansion of external XML entities during SOAP message parsing. A remote attacker could possibly use this flaw to read arbitrary files that are accessible to a PHP application using a SOAP extension. (CVE-2013-1643) Red Hat would like to thank the PHP project for reporting CVE-2013-6420. Upstream acknowledges Stefan Esser as the original reporter. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 828051 - CVE-2012-2688 php: Integer Signedness issues in _php_stream_scandir 853329 - CVE-2011-1398 PHP: sapi_header_op() %0D sequence handling security bypass 918187 - CVE-2013-1643 php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse() 6. Package List: RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-43.el5_10.src.rpm i386: php-5.1.6-43.el5_10.i386.rpm php-bcmath-5.1.6-43.el5_10.i386.rpm php-cli-5.1.6-43.el5_10.i386.rpm php-common-5.1.6-43.el5_10.i386.rpm php-dba-5.1.6-43.el5_10.i386.rpm php-debuginfo-5.1.6-43.el5_10.i386.rpm php-devel-5.1.6-43.el5_10.i386.rpm php-gd-5.1.6-43.el5_10.i386.rpm php-imap-5.1.6-43.el5_10.i386.rpm php-ldap-5.1.6-43.el5_10.i386.rpm php-mbstring-5.1.6-43.el5_10.i386.rpm php-mysql-5.1.6-43.el5_10.i386.rpm php-ncurses-5.1.6-43.el5_10.i386.rpm php-odbc-5.1.6-43.el5_10.i386.rpm php-pdo-5.1.6-43.el5_10.i386.rpm php-pgsql-5.1.6-43.el5_10.i386.rpm php-snmp-5.1.6-43.el5_10.i386.rpm php-soap-5.1.6-43.el5_10.i386.rpm php-xml-5.1.6-43.el5_10.i386.rpm php-xmlrpc-5.1.6-43.el5_10.i386.rpm x86_64: php-5.1.6-43.el5_10.x86_64.rpm php-bcmath-5.1.6-43.el5_10.x86_64.rpm php-cli-5.1.6-43.el5_10.x86_64.rpm php-common-5.1.6-43.el5_10.x86_64.rpm php-dba-5.1.6-43.el5_10.x86_64.rpm php-debuginfo-5.1.6-43.el5_10.x86_64.rpm php-devel-5.1.6-43.el5_10.x86_64.rpm php-gd-5.1.6-43.el5_10.x86_64.rpm php-imap-5.1.6-43.el5_10.x86_64.rpm php-ldap-5.1.6-43.el5_10.x86_64.rpm php-mbstring-5.1.6-43.el5_10.x86_64.rpm php-mysql-5.1.6-43.el5_10.x86_64.rpm php-ncurses-5.1.6-43.el5_10.x86_64.rpm php-odbc-5.1.6-43.el5_10.x86_64.rpm php-pdo-5.1.6-43.el5_10.x86_64.rpm php-pgsql-5.1.6-43.el5_10.x86_64.rpm php-snmp-5.1.6-43.el5_10.x86_64.rpm php-soap-5.1.6-43.el5_10.x86_64.rpm php-xml-5.1.6-43.el5_10.x86_64.rpm php-xmlrpc-5.1.6-43.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-43.el5_10.src.rpm i386: php-5.1.6-43.el5_10.i386.rpm php-bcmath-5.1.6-43.el5_10.i386.rpm php-cli-5.1.6-43.el5_10.i386.rpm php-common-5.1.6-43.el5_10.i386.rpm php-dba-5.1.6-43.el5_10.i386.rpm php-debuginfo-5.1.6-43.el5_10.i386.rpm php-devel-5.1.6-43.el5_10.i386.rpm php-gd-5.1.6-43.el5_10.i386.rpm php-imap-5.1.6-43.el5_10.i386.rpm php-ldap-5.1.6-43.el5_10.i386.rpm php-mbstring-5.1.6-43.el5_10.i386.rpm php-mysql-5.1.6-43.el5_10.i386.rpm php-ncurses-5.1.6-43.el5_10.i386.rpm php-odbc-5.1.6-43.el5_10.i386.rpm php-pdo-5.1.6-43.el5_10.i386.rpm php-pgsql-5.1.6-43.el5_10.i386.rpm php-snmp-5.1.6-43.el5_10.i386.rpm php-soap-5.1.6-43.el5_10.i386.rpm php-xml-5.1.6-43.el5_10.i386.rpm php-xmlrpc-5.1.6-43.el5_10.i386.rpm ia64: php-5.1.6-43.el5_10.ia64.rpm php-bcmath-5.1.6-43.el5_10.ia64.rpm php-cli-5.1.6-43.el5_10.ia64.rpm php-common-5.1.6-43.el5_10.ia64.rpm php-dba-5.1.6-43.el5_10.ia64.rpm php-debuginfo-5.1.6-43.el5_10.ia64.rpm php-devel-5.1.6-43.el5_10.ia64.rpm php-gd-5.1.6-43.el5_10.ia64.rpm php-imap-5.1.6-43.el5_10.ia64.rpm php-ldap-5.1.6-43.el5_10.ia64.rpm php-mbstring-5.1.6-43.el5_10.ia64.rpm php-mysql-5.1.6-43.el5_10.ia64.rpm php-ncurses-5.1.6-43.el5_10.ia64.rpm php-odbc-5.1.6-43.el5_10.ia64.rpm php-pdo-5.1.6-43.el5_10.ia64.rpm php-pgsql-5.1.6-43.el5_10.ia64.rpm php-snmp-5.1.6-43.el5_10.ia64.rpm php-soap-5.1.6-43.el5_10.ia64.rpm php-xml-5.1.6-43.el5_10.ia64.rpm php-xmlrpc-5.1.6-43.el5_10.ia64.rpm ppc: php-5.1.6-43.el5_10.ppc.rpm php-bcmath-5.1.6-43.el5_10.ppc.rpm php-cli-5.1.6-43.el5_10.ppc.rpm php-common-5.1.6-43.el5_10.ppc.rpm php-dba-5.1.6-43.el5_10.ppc.rpm php-debuginfo-5.1.6-43.el5_10.ppc.rpm php-devel-5.1.6-43.el5_10.ppc.rpm php-gd-5.1.6-43.el5_10.ppc.rpm php-imap-5.1.6-43.el5_10.ppc.rpm php-ldap-5.1.6-43.el5_10.ppc.rpm php-mbstring-5.1.6-43.el5_10.ppc.rpm php-mysql-5.1.6-43.el5_10.ppc.rpm php-ncurses-5.1.6-43.el5_10.ppc.rpm php-odbc-5.1.6-43.el5_10.ppc.rpm php-pdo-5.1.6-43.el5_10.ppc.rpm php-pgsql-5.1.6-43.el5_10.ppc.rpm php-snmp-5.1.6-43.el5_10.ppc.rpm php-soap-5.1.6-43.el5_10.ppc.rpm php-xml-5.1.6-43.el5_10.ppc.rpm php-xmlrpc-5.1.6-43.el5_10.ppc.rpm s390x: php-5.1.6-43.el5_10.s390x.rpm php-bcmath-5.1.6-43.el5_10.s390x.rpm php-cli-5.1.6-43.el5_10.s390x.rpm php-common-5.1.6-43.el5_10.s390x.rpm php-dba-5.1.6-43.el5_10.s390x.rpm php-debuginfo-5.1.6-43.el5_10.s390x.rpm php-devel-5.1.6-43.el5_10.s390x.rpm php-gd-5.1.6-43.el5_10.s390x.rpm php-imap-5.1.6-43.el5_10.s390x.rpm php-ldap-5.1.6-43.el5_10.s390x.rpm php-mbstring-5.1.6-43.el5_10.s390x.rpm php-mysql-5.1.6-43.el5_10.s390x.rpm php-ncurses-5.1.6-43.el5_10.s390x.rpm php-odbc-5.1.6-43.el5_10.s390x.rpm php-pdo-5.1.6-43.el5_10.s390x.rpm php-pgsql-5.1.6-43.el5_10.s390x.rpm php-snmp-5.1.6-43.el5_10.s390x.rpm php-soap-5.1.6-43.el5_10.s390x.rpm php-xml-5.1.6-43.el5_10.s390x.rpm php-xmlrpc-5.1.6-43.el5_10.s390x.rpm x86_64: php-5.1.6-43.el5_10.x86_64.rpm php-bcmath-5.1.6-43.el5_10.x86_64.rpm php-cli-5.1.6-43.el5_10.x86_64.rpm php-common-5.1.6-43.el5_10.x86_64.rpm php-dba-5.1.6-43.el5_10.x86_64.rpm php-debuginfo-5.1.6-43.el5_10.x86_64.rpm php-devel-5.1.6-43.el5_10.x86_64.rpm php-gd-5.1.6-43.el5_10.x86_64.rpm php-imap-5.1.6-43.el5_10.x86_64.rpm php-ldap-5.1.6-43.el5_10.x86_64.rpm php-mbstring-5.1.6-43.el5_10.x86_64.rpm php-mysql-5.1.6-43.el5_10.x86_64.rpm php-ncurses-5.1.6-43.el5_10.x86_64.rpm php-odbc-5.1.6-43.el5_10.x86_64.rpm php-pdo-5.1.6-43.el5_10.x86_64.rpm php-pgsql-5.1.6-43.el5_10.x86_64.rpm php-snmp-5.1.6-43.el5_10.x86_64.rpm php-soap-5.1.6-43.el5_10.x86_64.rpm php-xml-5.1.6-43.el5_10.x86_64.rpm php-xmlrpc-5.1.6-43.el5_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1398.html https://www.redhat.com/security/data/cve/CVE-2012-2688.html https://www.redhat.com/security/data/cve/CVE-2013-1643.html https://www.redhat.com/security/data/cve/CVE-2013-6420.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSp/lUXlSAg2UNWIIRAg3qAKCLrXnldIIb+gT/ejo0mArGTwf5/wCeKWU6 7KTGqsotCnj/o6YIFWGea9k= =hKGM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse(). CVE-2013-6712 Creating DateInterval objects from parsed ISO dates was not properly restricted, which allowed to cause a denial of service. In addition, the update for Debian 7 "Wheezy" contains several bugfixes originally targeted for the upcoming Wheezy point release. For the oldstable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze18. For the stable distribution (wheezy), these problems have been fixed in version 5.4.4-14+deb7u7. For the unstable distribution (sid), these problems have been fixed in version 5.5.6+dfsg-2. We recommend that you upgrade your php5 packages. 4 ELS) - i386, x86_64 3

Trust: 2.7

sources: NVD: CVE-2013-6420 // JVNDB: JVNDB-2013-005585 // BID: 64225 // VULHUB: VHN-66422 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 128505 // PACKETSTORM: 124776 // PACKETSTORM: 124382 // PACKETSTORM: 124406 // PACKETSTORM: 124391 // PACKETSTORM: 124389

AFFECTED PRODUCTS

vendor:phpmodel:phpscope:eqversion:5.4.3

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.4.2

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.4.1

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.13

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.12

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.9

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.8

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.7

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.6

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.5

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.2

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.1

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.4

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.3

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.11

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.3.10

Trust: 1.3

vendor:phpmodel:phpscope:eqversion:5.4.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.24

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.14

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.25

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.5.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.19

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.15

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.5.6

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.12

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.16

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.18

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.5.5

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.19

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.26

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.11

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.21

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.14

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.5.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.18

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.6

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.16

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.21

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.20

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.5.4

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.23

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.8

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.5.1

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.9.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.0

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.17

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.15

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.17

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.0

vendor:phpmodel:phpscope:lteversion:5.3.27

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.9

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.2

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.22

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.22

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.5.3

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.4.13

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.3.20

Trust: 1.0

vendor:the php groupmodel:phpscope:eqversion:5.4.23

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8.5

Trust: 0.8

vendor:the php groupmodel:phpscope:ltversion:5.5.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.9.1

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.9

Trust: 0.8

vendor:the php groupmodel:phpscope:eqversion:5.5.7

Trust: 0.8

vendor:the php groupmodel:phpscope:ltversion:5.4.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7.5

Trust: 0.8

vendor:ubuntumodel:linux ltsscope:eqversion:10.04

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.3

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.17

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.15

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.13

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.12

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.11

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.10

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.9

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.8

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.7

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.5

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.4

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.3

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.2

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.1.6

Trust: 0.3

vendor:phpmodel:phpscope:eqversion:5.2.14

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

sources: BID: 64225 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6420
value: HIGH

Trust: 1.0

NVD: CVE-2013-6420
value: HIGH

Trust: 0.8

VULHUB: VHN-66422
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6420
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66422
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-66422 // JVNDB: JVNDB-2013-005585 // NVD: CVE-2013-6420

THREAT TYPE

remote

Trust: 0.4

sources: PACKETSTORM: 124384 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389

TYPE

arbitrary

Trust: 0.5

sources: PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005585

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66422

PATCH

title:APPLE-SA-2014-02-25-1url:http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Trust: 0.8

title:HT6150url:http://support.apple.com/kb/HT6150

Trust: 0.8

title:HT6150url:http://support.apple.com/kb/HT6150?viewlocale=ja_JP

Trust: 0.8

title:InterWorx Version 5.0.14 Released on Beta Channel!url:http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!

Trust: 0.8

title:Bug 1036830url:https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 0.8

title:Multiple Buffer Errors vulnerabilities in PHPurl:https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in1

Trust: 0.8

title:Fix CVE-2013-6420 - memory corruption in openssl_x509_parseurl:http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.8

title:PHP 5 ChangeLogurl:http://www.php.net/ChangeLog-5.php

Trust: 0.8

sources: JVNDB: JVNDB-2013-005585

EXTERNAL IDS

db:NVDid:CVE-2013-6420

Trust: 3.0

db:BIDid:64225

Trust: 1.4

db:SECTRACKid:1029472

Trust: 1.1

db:SECUNIAid:59652

Trust: 1.1

db:JVNid:JVNVU95868425

Trust: 0.8

db:JVNDBid:JVNDB-2013-005585

Trust: 0.8

db:PACKETSTORMid:124391

Trust: 0.2

db:PACKETSTORMid:124776

Trust: 0.2

db:PACKETSTORMid:124389

Trust: 0.2

db:PACKETSTORMid:124384

Trust: 0.2

db:PACKETSTORMid:124407

Trust: 0.2

db:PACKETSTORMid:124406

Trust: 0.2

db:PACKETSTORMid:124532

Trust: 0.1

db:PACKETSTORMid:124390

Trust: 0.1

db:PACKETSTORMid:124383

Trust: 0.1

db:PACKETSTORMid:124436

Trust: 0.1

db:SEEBUGid:SSVID-83792

Trust: 0.1

db:EXPLOIT-DBid:30395

Trust: 0.1

db:CNNVDid:CNNVD-201312-348

Trust: 0.1

db:VULHUBid:VHN-66422

Trust: 0.1

db:PACKETSTORMid:128505

Trust: 0.1

db:PACKETSTORMid:124382

Trust: 0.1

sources: VULHUB: VHN-66422 // BID: 64225 // JVNDB: JVNDB-2013-005585 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 128505 // PACKETSTORM: 124776 // PACKETSTORM: 124382 // PACKETSTORM: 124406 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // NVD: CVE-2013-6420

REFERENCES

url:https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html

Trust: 1.9

url:http://rhn.redhat.com/errata/rhsa-2013-1815.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1825.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-1826.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-2055-1

Trust: 1.2

url:http://www.securityfocus.com/bid/64225

Trust: 1.1

url:http://forums.interworx.com/threads/8000-interworx-version-5-0-14-released-on-beta-channel%21

Trust: 1.1

url:http://support.apple.com/kb/ht6150

Trust: 1.1

url:http://www.php.net/changelog-5.php

Trust: 1.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1036830

Trust: 1.1

url:http://www.debian.org/security/2013/dsa-2816

Trust: 1.1

url:https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04463322

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1813.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1824.html

Trust: 1.1

url:http://www.securitytracker.com/id/1029472

Trust: 1.1

url:http://secunia.com/advisories/59652

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html

Trust: 1.1

url:http://git.php.net/?p=php-src.git%3ba=commit%3bh=c1224573c773b6845e83505f717fbf820fc18415

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6420

Trust: 0.9

url:http://jvn.jp/vu/jvnvu95868425/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6420

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-6420

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/team/key/#package

Trust: 0.4

url:https://access.redhat.com/site/articles/11258

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-6420.html

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:http://www.php.net/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-6712

Trust: 0.3

url:http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.9-4ubuntu2.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.22

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.5

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4545

Trust: 0.1

url:http://h18013.www1.hp.com/products/servers/management/agents/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2642

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2688

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1398.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1643

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1398

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2013-1814.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-2688.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1643.html

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

sources: VULHUB: VHN-66422 // BID: 64225 // JVNDB: JVNDB-2013-005585 // PACKETSTORM: 124384 // PACKETSTORM: 124407 // PACKETSTORM: 128505 // PACKETSTORM: 124776 // PACKETSTORM: 124382 // PACKETSTORM: 124406 // PACKETSTORM: 124391 // PACKETSTORM: 124389 // NVD: CVE-2013-6420

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 124384 // PACKETSTORM: 124382 // PACKETSTORM: 124391 // PACKETSTORM: 124389

SOURCES

db:VULHUBid:VHN-66422
db:BIDid:64225
db:JVNDBid:JVNDB-2013-005585
db:PACKETSTORMid:124384
db:PACKETSTORMid:124407
db:PACKETSTORMid:128505
db:PACKETSTORMid:124776
db:PACKETSTORMid:124382
db:PACKETSTORMid:124406
db:PACKETSTORMid:124391
db:PACKETSTORMid:124389
db:NVDid:CVE-2013-6420

LAST UPDATE DATE

2024-11-12T21:41:39.093000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-66422date:2018-10-30T00:00:00
db:BIDid:64225date:2015-07-15T00:13:00
db:JVNDBid:JVNDB-2013-005585date:2015-08-10T00:00:00
db:NVDid:CVE-2013-6420date:2023-11-07T02:17:11.400

SOURCES RELEASE DATE

db:VULHUBid:VHN-66422date:2013-12-17T00:00:00
db:BIDid:64225date:2013-12-09T00:00:00
db:JVNDBid:JVNDB-2013-005585date:2013-12-18T00:00:00
db:PACKETSTORMid:124384date:2013-12-11T06:56:45
db:PACKETSTORMid:124407date:2013-12-14T00:04:46
db:PACKETSTORMid:128505date:2014-10-01T19:15:04
db:PACKETSTORMid:124776date:2014-01-14T14:44:00
db:PACKETSTORMid:124382date:2013-12-11T06:56:03
db:PACKETSTORMid:124406date:2013-12-14T00:04:19
db:PACKETSTORMid:124391date:2013-12-12T04:29:50
db:PACKETSTORMid:124389date:2013-12-12T04:29:33
db:NVDid:CVE-2013-6420date:2013-12-17T04:46:45.877