漏洞版本:

PHP 5.3.27

PHP 5.4.17

PHP 5.5.1

漏洞描述:

Bugtraq ID:61776

PHP是一种HTML内嵌式的脚本语言

PHP SSL模块不正确处理服务器SSL证书中"subjectAltNames"通用名中的空字节,允许攻击者利用漏洞进行中间人攻击,获取敏感信息

安全建议:

厂商解决方案

用户可参考如下厂商提供的安全补丁以修复该漏洞:

http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755

http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897

http://git.php.net/?p=php-src.git;a=commit;h=2b9f5ac2525118bab372d5fc66eb19cabc46f483

PHP SSL Module "subjectAltNames"空字节处理安全绕过漏洞的更多相关文章

  1. Nginx %00空字节执行php漏洞

    Nginx如下版本:0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37在使用PHP-FastCGI执行php的时候,URL里面在遇到%00空字节时与Fas ...

  2. pip cannot confirm SSL certificate: SSL module is not available

    centos6.8编译安装python2.7之后,使用pip报错:pip cannot confirm SSL certificate: SSL module is not available 解决方 ...

  3. pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

    # 背景 安装pip后发现执行pip install pytest,提示下面错误 pip is configured with locations that require TLS/SSL, howe ...

  4. python3.6 SSL module is not available

    pip is configured with locations that require TLS/SSL, however the ssl module in Python is not avail ...

  5. the ssl module in Python is not available错误解决

    在使用pip安装pymongo的过程中报错,提示如下: $ pip3 install pymongo pip is configured with locations that require TLS ...

  6. centos7中python3.6报错ModuleNotFoundError: No module named '_ssl' 或者 Max retries exceeded with url: / (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.",))

    如果在运行爬虫时报此错:requests.exceptions.SSLError: HTTPSConnectionPool(host='www.baidu.com', port=443): Max r ...

  7. pip install 时报错 pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

    pip install 时报错: pip is configured with locations that require TLS/SSL, however the ssl module in Py ...

  8. Caused by SSLError("Can’t connect to HTTPS URL because the SSL module is not available)

    window7系统: 今天刚安装的anaconda(开源的Python包管理器),把原来的python3和python2都给卸载了,结果运行爬虫程序的时候报错: Caused by SSLError( ...

  9. centos6.8安装python3.7.3报错Can't connect to HTTPS URL because the SSL module is not available问题解决

    环境:CentOS release 6.8 (Final) # 直接编译python3.7在使用pip3安装依赖的时候报错: Can't connect to HTTPS URL because th ...

随机推荐

  1. (转)Apache2 httpd.conf 配置详解 (二)

    转之--http://jafy00.blog.51cto.com/2594646/508205 DocumentRoot "/usr/local/apache-2.2.6/htdocs&qu ...

  2. asp.net mvc5 设置Area下的为启动页

    只需修改App_Start文件夹下RouteConfig中RegisterRoutes方法 public static void RegisterRoutes(RouteCollection rout ...

  3. Android简单例子——AlertDialog

    最近学习了一段时间的Android,在网上找了些小的Demo,自己模拟这做了下,首先谢谢那些提供例子的朋友 今天主要学习的是简单的Dialog的使用(实现退出对话框)和自定义对话框 1.实现退出对话框 ...

  4. C# 调用AForge类库操作摄像头

    如有雷同,不胜荣幸,若转载,请注明 最近做项目需要操作摄像头,在网上百度了很多资料,很多都是C#调用window API 发送SendMessage,实现操作摄像头,但是C#调用window API的 ...

  5. MVC5学习笔记

    买了一本MVC5的书:ASP.NET MVC 5 高级编程(第5版).边学边记录一下 1.快速创建模型类,如:自动实现的属性 {get;set;} 输入“prop",按Tab两次,默认属性值 ...

  6. label语句和break continue的使用(高程第三章)

    break&&outermost var num = 0; outermost: for(var i=0;i<10;i++){ for(var j=0;j<10;j++){ ...

  7. 实习之vim基本学习

    最近实习学到了写vim的基本用法,记录一下 批量注释 ctrl+v进入列模式,按“I”进入插入模式,按// #等在每行开头插入注释,esc 批量去除注释 ctrl + v 进入列模式,按“x”即可. ...

  8. 283. Move Zeroes(C++)

    283. Move Zeroes Given an array nums, write a function to move all 0's to the end of it while mainta ...

  9. 【HDU1402】【FNT版】A * B Problem Plus

    Problem Description Calculate A * B.   Input Each line will contain two integers A and B. Process to ...

  10. Linux 下的 blog客户端

    apt-cahce search metaweblog found gnome-blog blogilo try blogilo