{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"PHP ant\u00e9rieur \u00e0 la version 4.4.5 ;","product":{"name":"PHP","vendor":{"name":"PHP","scada":false}}},{"description":"PHP ant\u00e9rieur \u00e0 la version 5.2.1.","product":{"name":"PHP","vendor":{"name":"PHP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nAppliquer les mises \u00e0 jour de s\u00e9curit\u00e9 PHP en passant \u00e0 la version 4.4.5\nou 5.2.1 disponibles aux adresses suivantes :\n\n    http://www.php.net/releases/4_4_5.php\n\n    http://www.php.net/releases/5_2_1.php\n\n  \n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-0988","url":"https://www.cve.org/CVERecord?id=CVE-2007-0988"},{"name":"CVE-2007-1380","url":"https://www.cve.org/CVERecord?id=CVE-2007-1380"},{"name":"CVE-2007-0905","url":"https://www.cve.org/CVERecord?id=CVE-2007-0905"},{"name":"CVE-2007-1452","url":"https://www.cve.org/CVERecord?id=CVE-2007-1452"},{"name":"CVE-2007-1376","url":"https://www.cve.org/CVERecord?id=CVE-2007-1376"},{"name":"CVE-2007-1375","url":"https://www.cve.org/CVERecord?id=CVE-2007-1375"},{"name":"CVE-2007-0907","url":"https://www.cve.org/CVERecord?id=CVE-2007-0907"},{"name":"CVE-2007-0906","url":"https://www.cve.org/CVERecord?id=CVE-2007-0906"},{"name":"CVE-2007-1453","url":"https://www.cve.org/CVERecord?id=CVE-2007-1453"},{"name":"CVE-2007-0909","url":"https://www.cve.org/CVERecord?id=CVE-2007-0909"},{"name":"CVE-2007-0910","url":"https://www.cve.org/CVERecord?id=CVE-2007-0910"},{"name":"CVE-2007-0908","url":"https://www.cve.org/CVERecord?id=CVE-2007-0908"},{"name":"CVE-2007-1383","url":"https://www.cve.org/CVERecord?id=CVE-2007-1383"},{"name":"CVE-2007-1454","url":"https://www.cve.org/CVERecord?id=CVE-2007-1454"},{"name":"CVE-2007-1286","url":"https://www.cve.org/CVERecord?id=CVE-2007-1286"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0076 du 19 f\u00e9vrier    2007 :","url":"http://rhn.redhat.com/errata/RHSA-2007-0076.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA 1264 du 07 mars 2007 :","url":"http://www.debian.org/security/2007/dsa-1264"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0089 du 26 f\u00e9vrier    2007 :","url":"http://rhn.redhat.com/errata/RHSA-2007-0089.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-431-1 du 07 mars 2007 :","url":"http://www.ubuntulinux.org/usn/usn-431-1"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 PHP version 4.4.5 :","url":"http://www.php.net/releases/4_4_5.php"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:048 du 22 f\u00e9vrier    2007 :","url":"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:048"},{"title":"Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-0076 du 06 mars 2007 :","url":"http://support.avaya.com/elmodocs2/security/ASA-2007-0076.htm"},{"title":"Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:020 du 15 mars 2007    :","url":"http://lists.suse.com/archive/archive/suse-security-announce/2007-Mar/0003.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-0088 du 26 mars 2007 :","url":"http://support.avaya.com/elmodocs2/security/ASA-2007-0088.htm"},{"title":"Mise \u00e0 jour de s\u00e9curit\u00e9 PHP version 5.2.1 :","url":"http://www.php.net/releases/5_2_1.php"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-423-1 du 20 f\u00e9vrier 2007 :","url":"http://www.ubuntulinux.org/usn/usn-423-1"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0081 du 21 f\u00e9vrier    2007 :","url":"http://rhn.redhat.com/errata/RHSA-2007-0081.html"}],"reference":"CERTA-2007-AVI-144","revisions":[{"description":"version initiale.","revision_date":"2007-03-27T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans PHP (PHP : Hypertext\nProcessor) permettent \u00e0 un utilisateur distant malintentionn\u00e9 de\nr\u00e9aliser de nombreuses actions malveillantes sur le syst\u00e8me vuln\u00e9rable.\n\n  \n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es \u00e0 distance afin de contourner\nla politique de s\u00e9curit\u00e9, d'ex\u00e9cuter du code arbitraire, de provoquer un\nd\u00e9ni de service en consommant de fa\u00e7on excessive les ressources du\nprocesseur et de porter atteinte \u00e0 la confidentialit\u00e9 et \u00e0 l'int\u00e9grit\u00e9\ndes donn\u00e9es du syst\u00e8me pr\u00e9sentes en m\u00e9moire.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans PHP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200703-21 du 20 mars 2007","url":"http://www.gentoo.org/security/en/glsa/glsa-200703-21.xml"}]}