{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder einen Denial of Service Zustand herbeizuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- MacOS X\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-0069 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2015/wid-sec-w-2023-0069.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-0069 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0069"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2023:0072-1 vom 2023-01-12",
      "url" : "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013458.html"
    }, {
      "category" : "external",
      "summary" : "Einträge in der NIST National Vulnerability Database vom 2015-03-30",
      "url" : "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6501"
    }, {
      "category" : "external",
      "summary" : "Einträge in der NIST National Vulnerability Database vom 2015-03-30",
      "url" : "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9705"
    }, {
      "category" : "external",
      "summary" : "Einträge in der NIST National Vulnerability Database vom 2015-03-30",
      "url" : "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9709"
    }, {
      "category" : "external",
      "summary" : "Einträge in der NIST National Vulnerability Database vom 2015-03-30",
      "url" : "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2301"
    }, {
      "category" : "external",
      "summary" : "Einträge in der NIST National Vulnerability Database vom 2015-03-30",
      "url" : "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2787"
    }, {
      "category" : "external",
      "summary" : "Einträge in der NIST National Vulnerability Database vom 2015-03-30",
      "url" : "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2348"
    }, {
      "category" : "external",
      "summary" : "Debian Security Advisory DSA-3215-1 vom 2015-04-07",
      "url" : "https://www.debian.org/security/2015/dsa-3215"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-2572-1 vom 2015-04-20",
      "url" : "http://www.ubuntu.com/usn/usn-2572-1/"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2015:0835-1 vom 2015-05-09",
      "url" : "https://www.suse.com/support/update/announcement/2015/suse-su-20150835-1.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2015:1053 vom 2015-06-04",
      "url" : "https://rhn.redhat.com/errata/RHSA-2015-1053.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2015:1066-2 vom 2015-06-05",
      "url" : "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
    }, {
      "category" : "external",
      "summary" : "SUSE Security Update SUSE-SU-2015:1018-1 vom 2015-06-09",
      "url" : "https://www.suse.com/support/update/announcement/2015/suse-su-20151018-1.html"
    }, {
      "category" : "external",
      "summary" : "HP-UX  Security Bulletin HPSBUX03337 SSRT102066 rev.1",
      "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04686230"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2015:1135 vom 2015-06-23",
      "url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
    }, {
      "category" : "external",
      "summary" : "Red Hat Security Advisory RHSA-2015:1218-1 vom 2015-07-09",
      "url" : "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
    }, {
      "category" : "external",
      "summary" : "CESA-2015:1218 Moderate CentOS 6 php Security Update vom 2015-07-09",
      "url" : "http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html"
    }, {
      "category" : "external",
      "summary" : "Ubuntu Security Notice USN-2987-1 vom 2016-05-31",
      "url" : "http://www.ubuntu.com/usn/usn-2987-1/"
    }, {
      "category" : "external",
      "summary" : "GENTOO Security Advisory GLSA201607-04 vom 2016-07-16",
      "url" : "https://security.gentoo.org/glsa/201607-04"
    } ],
    "source_lang" : "en-US",
    "title" : "PHP: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2023-01-12T23:00:00.000+00:00",
      "generator" : {
        "date" : "2024-08-15T17:41:13.796+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.5"
        }
      },
      "id" : "WID-SEC-W-2023-0069",
      "initial_release_date" : "2015-03-30T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2015-03-30T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initial Release"
      }, {
        "date" : "2015-03-30T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2015-04-07T22:00:00.000+00:00",
        "number" : "3",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-04-07T22:00:00.000+00:00",
        "number" : "4",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2015-04-20T22:00:00.000+00:00",
        "number" : "5",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-05-10T22:00:00.000+00:00",
        "number" : "6",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-05-10T22:00:00.000+00:00",
        "number" : "7",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2015-06-04T22:00:00.000+00:00",
        "number" : "8",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-06-04T22:00:00.000+00:00",
        "number" : "9",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2015-06-07T22:00:00.000+00:00",
        "number" : "10",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-06-09T22:00:00.000+00:00",
        "number" : "11",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-06-09T22:00:00.000+00:00",
        "number" : "12",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2015-06-11T22:00:00.000+00:00",
        "number" : "13",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-06-11T22:00:00.000+00:00",
        "number" : "14",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2015-06-22T22:00:00.000+00:00",
        "number" : "15",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-07-09T22:00:00.000+00:00",
        "number" : "16",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-07-12T22:00:00.000+00:00",
        "number" : "17",
        "summary" : "New remediations available"
      }, {
        "date" : "2015-07-12T22:00:00.000+00:00",
        "number" : "18",
        "summary" : "Version nicht vorhanden"
      }, {
        "date" : "2016-05-31T22:00:00.000+00:00",
        "number" : "19",
        "summary" : "New remediations available"
      }, {
        "date" : "2016-07-17T22:00:00.000+00:00",
        "number" : "20",
        "summary" : "New remediations available"
      }, {
        "date" : "2023-01-11T23:00:00.000+00:00",
        "number" : "21",
        "summary" : "Neue Updates von SUSE aufgenommen"
      }, {
        "date" : "2023-01-12T23:00:00.000+00:00",
        "number" : "22",
        "summary" : "Bereinigung doppelte Einträge"
      } ],
      "status" : "final",
      "version" : "22"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Debian Linux Wheezy (7.0)",
        "product" : {
          "name" : "Debian Linux Wheezy (7.0)",
          "product_id" : "T001572",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:debian:debian_linux:7.0"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Debian"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "HPE HP-UX",
        "product" : {
          "name" : "HPE HP-UX",
          "product_id" : "4871",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:hp:hp-ux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "HPE"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Open Source CentOS",
        "product" : {
          "name" : "Open Source CentOS",
          "product_id" : "1727",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:centos:centos:-"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Open Source PHP < 5.6.7",
          "product" : {
            "name" : "Open Source PHP < 5.6.7",
            "product_id" : "T004556",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:php:php:5.6.7"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Open Source PHP < 5.4.39",
          "product" : {
            "name" : "Open Source PHP < 5.4.39",
            "product_id" : "T004683",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:php:php:5.4.39"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Open Source PHP < 5.5.23",
          "product" : {
            "name" : "Open Source PHP < 5.5.23",
            "product_id" : "T004684",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:php:php:5.5.23"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "PHP"
      } ],
      "category" : "vendor",
      "name" : "Open Source"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Red Hat Enterprise Linux 7",
          "product" : {
            "name" : "Red Hat Enterprise Linux 7",
            "product_id" : "T003303",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:redhat:enterprise_linux:7"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Red Hat Enterprise Linux 6",
          "product" : {
            "name" : "Red Hat Enterprise Linux 6",
            "product_id" : "T004908",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:redhat:enterprise_linux:6"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Enterprise Linux"
      } ],
      "category" : "vendor",
      "name" : "Red Hat"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "SUSE Linux",
        "product" : {
          "name" : "SUSE Linux",
          "product_id" : "T002207",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:suse:suse_linux:-"
          }
        }
      }, {
        "category" : "product_name",
        "name" : "SUSE Linux Enterprise Desktop 11 SP3",
        "product" : {
          "name" : "SUSE Linux Enterprise Desktop 11 SP3",
          "product_id" : "T002224",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:suse:linux_enterprise_desktop:11:sp3"
          }
        }
      }, {
        "branches" : [ {
          "category" : "product_name",
          "name" : "SUSE Linux Enterprise Server 11 SP3",
          "product" : {
            "name" : "SUSE Linux Enterprise Server 11 SP3",
            "product_id" : "T002223",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:suse:linux_enterprise_server:11:sp3"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "SUSE Linux Enterprise Server 11 SP3 for VMware",
          "product" : {
            "name" : "SUSE Linux Enterprise Server 11 SP3 for VMware",
            "product_id" : "T003171",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:suse:linux_enterprise_server:11:sp3:vmware"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Linux Enterprise Server"
      } ],
      "category" : "vendor",
      "name" : "SUSE"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Ubuntu Linux",
        "product" : {
          "name" : "Ubuntu Linux",
          "product_id" : "T000126",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:canonical:ubuntu_linux:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Ubuntu"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2015-2787",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in PHP. Ein angemeldeter oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand zu verursachen oder beliebigen Code mit Nutzerrechten zur Ausführung zu bringen."
    } ],
    "product_status" : {
      "known_affected" : [ "T004908", "T002207", "4871", "T000126", "T003303", "T002224", "T002223", "1727", "T001572", "T003171" ]
    },
    "release_date" : "2015-03-30T22:00:00.000+00:00",
    "title" : "CVE-2015-2787"
  }, {
    "cve" : "CVE-2015-2348",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in PHP. Ein angemeldeter oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand zu verursachen oder beliebigen Code mit Nutzerrechten zur Ausführung zu bringen."
    } ],
    "product_status" : {
      "known_affected" : [ "T004908", "T002207", "4871", "T000126", "T003303", "T002224", "T002223", "1727", "T001572", "T003171" ]
    },
    "release_date" : "2015-03-30T22:00:00.000+00:00",
    "title" : "CVE-2015-2348"
  }, {
    "cve" : "CVE-2015-2301",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in PHP. Ein angemeldeter oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand zu verursachen oder beliebigen Code mit Nutzerrechten zur Ausführung zu bringen."
    } ],
    "product_status" : {
      "known_affected" : [ "T004908", "T002207", "4871", "T000126", "T003303", "T002224", "T002223", "1727", "T001572", "T003171" ]
    },
    "release_date" : "2015-03-30T22:00:00.000+00:00",
    "title" : "CVE-2015-2301"
  }, {
    "cve" : "CVE-2014-9709",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in PHP. Ein angemeldeter oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand zu verursachen oder beliebigen Code mit Nutzerrechten zur Ausführung zu bringen."
    } ],
    "product_status" : {
      "known_affected" : [ "T004908", "T002207", "4871", "T000126", "T003303", "T002224", "T002223", "1727", "T001572", "T003171" ]
    },
    "release_date" : "2015-03-30T22:00:00.000+00:00",
    "title" : "CVE-2014-9709"
  }, {
    "cve" : "CVE-2014-9705",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in PHP. Ein angemeldeter oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand zu verursachen oder beliebigen Code mit Nutzerrechten zur Ausführung zu bringen."
    } ],
    "product_status" : {
      "known_affected" : [ "T004908", "T002207", "4871", "T000126", "T003303", "T002224", "T002223", "1727", "T001572", "T003171" ]
    },
    "release_date" : "2015-03-30T22:00:00.000+00:00",
    "title" : "CVE-2014-9705"
  }, {
    "cve" : "CVE-2013-6501",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existieren mehrere Schwachstellen in PHP. Ein angemeldeter oder entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand zu verursachen oder beliebigen Code mit Nutzerrechten zur Ausführung zu bringen."
    } ],
    "product_status" : {
      "known_affected" : [ "T004908", "T002207", "4871", "T000126", "T003303", "T002224", "T002223", "1727", "T001572", "T003171" ]
    },
    "release_date" : "2015-03-30T22:00:00.000+00:00",
    "title" : "CVE-2013-6501"
  } ]
}