English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.804683
Categoría:Web application abuses
Título:PHP Multiple Vulnerabilities - 01 (Jul 2014)
Resumen:PHP is prone to multiple vulnerabilities.;; This VT has been deprecated and merged into the VTs 'PHP Multiple Vulnerabilities (Jun/Aug 2014) - Linux' (OID:; 1.3.6.1.4.1.25623.1.0.809736) and 'PHP Multiple Vulnerabilities (Jun/Aug 2014) - Windows' (OID:; 1.3.6.1.4.1.25623.1.0.809735).
Descripción:Summary:
PHP is prone to multiple vulnerabilities.

This VT has been deprecated and merged into the VTs 'PHP Multiple Vulnerabilities (Jun/Aug 2014) - Linux' (OID:
1.3.6.1.4.1.25623.1.0.809736) and 'PHP Multiple Vulnerabilities (Jun/Aug 2014) - Windows' (OID:
1.3.6.1.4.1.25623.1.0.809735).

Vulnerability Insight:
The flaws exist due to:

- A buffer overflow in the 'mconvert' function in softmagic.c script.

- Two type confusion errors when deserializing ArrayObject and SPLObjectStorage objects.

- An unspecified boundary check issue in the 'cdf_read_short_sector' function related to Fileinfo.

- Some boundary checking issues in the 'cdf_read_property_info', 'cdf_count_chain' and
'cdf_check_stream_offset' functions in cdf.c related to Fileinfo.

Vulnerability Impact:
Successful exploitation will allow remote attackers to conduct denial of
service attacks or potentially execute arbitrary code.

Affected Software/OS:
PHP version 5.4.x before 5.4.30 and 5.5.x before 5.5.14

Solution:
Update to PHP version 5.4.30 or 5.5.14 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3478
59794
http://secunia.com/advisories/59794
59831
http://secunia.com/advisories/59831
68239
http://www.securityfocus.com/bid/68239
APPLE-SA-2015-04-08-2
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
DSA-2974
http://www.debian.org/security/2014/dsa-2974
DSA-3021
http://www.debian.org/security/2014/dsa-3021
HPSBUX03102
http://marc.info/?l=bugtraq&m=141017844705317&w=2
RHSA-2014:1327
http://rhn.redhat.com/errata/RHSA-2014-1327.html
RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
SSRT101681
[file] 20140612 file-5.19 is now available
http://mx.gw.com/pipermail/file/2014/001553.html
http://support.apple.com/kb/HT6443
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=67410
https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
https://support.apple.com/HT204659
openSUSE-SU-2014:1236
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3515
BugTraq ID: 68237
http://www.securityfocus.com/bid/68237
Debian Security Information: DSA-2974 (Google Search)
HPdes Security Advisory: HPSBUX03102
HPdes Security Advisory: SSRT101681
RedHat Security Advisories: RHSA-2014:1765
RedHat Security Advisories: RHSA-2014:1766
http://secunia.com/advisories/60998
SuSE Security Announcement: openSUSE-SU-2014:1236 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2014-0207
68243
http://www.securityfocus.com/bid/68243
https://bugs.php.net/bug.php?id=67326
https://bugzilla.redhat.com/show_bug.cgi?id=1091842
https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391
Common Vulnerability Exposure (CVE) ID: CVE-2014-3487
68120
http://www.securityfocus.com/bid/68120
https://bugs.php.net/bug.php?id=67413
https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
Common Vulnerability Exposure (CVE) ID: CVE-2014-3479
68241
http://www.securityfocus.com/bid/68241
https://bugs.php.net/bug.php?id=67411
https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
Common Vulnerability Exposure (CVE) ID: CVE-2014-3480
68238
http://www.securityfocus.com/bid/68238
https://bugs.php.net/bug.php?id=67412
https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
CopyrightCopyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.