ID de Prueba:	1.3.6.1.4.1.25623.1.0.804160
Categoría:	Web application abuses
Título:	PHP < 5.3.29, 5.4.x < 5.4.24, 5.5.x < 5.5.8 RCE Vulnerability
Resumen:	PHP is prone to a remote code execution (RCE); vulnerability.
Descripción:	Summary: PHP is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: An error exists in the 'scan function' in 'ext/date/lib/parse_iso_intervals.c' which does not validate user-supplied input when handling 'DateInterval' objects. Vulnerability Impact: Successful exploitation will allow remote attackers to allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service. Affected Software/OS: PHP versions prior to 5.3.29, 5.4.x prior to 5.4.24, 5.5.x prior to 5.5.8. Solution: Update to version 5.3.29, 5.4.24, 5.5.8 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6712 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html Debian Security Information: DSA-2816 (Google Search) http://www.debian.org/security/2013/dsa-2816 HPdes Security Advisory: HPSBMU03112 https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 HPdes Security Advisory: SSRT101447 https://bugs.php.net/bug.php?id=66060 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html SuSE Security Announcement: openSUSE-SU-2013:1963 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html SuSE Security Announcement: openSUSE-SU-2013:1964 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://www.ubuntu.com/usn/USN-2055-1
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.