Denial of Service : PHP <= 7.1.5 Multiple DoS Vulnerabilities

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.117799

Kategorie: Denial of Service

Titel: PHP <= 7.1.5 Multiple DoS Vulnerabilities

Zusammenfassung: PHP is prone to multiple denial of service (DoS); vulnerabilities.

Beschreibung: Summary:
PHP is prone to multiple denial of service (DoS)
vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2017-8923: The zend_string_extend function in Zend/zend_string.h does not prevent changes to
string objects that result in a negative length, which allows remote attackers to cause a denial
of service (application crash) or possibly have unspecified other impact by leveraging a script's
use of .= with a long string.

- CVE-2017-9119: The i_zval_ptr_dtor function in Zend/zend_variables.h allows attackers to cause a
denial of service (memory consumption and application crash) or possibly have unspecified other
impact by triggering crafted operations on array data structures.

Affected Software/OS:
PHP versions through 7.1.5.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-8923
BugTraq ID: 98518
http://www.securityfocus.com/bid/98518
https://bugs.php.net/bug.php?id=74577
Common Vulnerability Exposure (CVE) ID: CVE-2017-9119
BugTraq ID: 98596
http://www.securityfocus.com/bid/98596
https://bugs.php.net/bug.php?id=74593

Copyright Copyright (C) 2021 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.117799
Kategorie:	Denial of Service
Titel:	PHP <= 7.1.5 Multiple DoS Vulnerabilities
Zusammenfassung:	PHP is prone to multiple denial of service (DoS); vulnerabilities.
Beschreibung:	Summary: PHP is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2017-8923: The zend_string_extend function in Zend/zend_string.h does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. - CVE-2017-9119: The i_zval_ptr_dtor function in Zend/zend_variables.h allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. Affected Software/OS: PHP versions through 7.1.5. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8923 BugTraq ID: 98518 http://www.securityfocus.com/bid/98518 https://bugs.php.net/bug.php?id=74577 Common Vulnerability Exposure (CVE) ID: CVE-2017-9119 BugTraq ID: 98596 http://www.securityfocus.com/bid/98596 https://bugs.php.net/bug.php?id=74593
Copyright	Copyright (C) 2021 Greenbone AG