Web application abuses : PHP Multiple Vulnerabilities (Jan 2015)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805409

Categoría: Web application abuses

Título: PHP Multiple Vulnerabilities (Jan 2015)

Resumen: PHP is prone to multiple vulnerabilities.

Descripción: Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation
in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP.

- CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var
_unserializer.c.

- CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates
on floating-point arrays incorrectly.

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause a
denial of service or possibly execute arbitrary code via different crafted dimensions.

Affected Software/OS:
PHP versions 5.4.x before 5.4.34, 5.5.x before 5.5.18, and
5.6.x before 5.6.2

Solution:
Update to version 5.4.34, 5.5.18, 5.6.2 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3668
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
BugTraq ID: 70666
http://www.securityfocus.com/bid/70666
Debian Security Information: DSA-3064 (Google Search)
http://www.debian.org/security/2014/dsa-3064
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
RedHat Security Advisories: RHSA-2014:1767
http://rhn.redhat.com/errata/RHSA-2014-1767.html
RedHat Security Advisories: RHSA-2014:1768
http://rhn.redhat.com/errata/RHSA-2014-1768.html
http://secunia.com/advisories/59967
http://secunia.com/advisories/60630
http://secunia.com/advisories/60699
http://secunia.com/advisories/61763
http://secunia.com/advisories/61970
http://secunia.com/advisories/61982
SuSE Security Announcement: openSUSE-SU-2014:1377 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html
SuSE Security Announcement: openSUSE-SU-2014:1391 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html
SuSE Security Announcement: openSUSE-SU-2015:0014 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html
http://www.ubuntu.com/usn/USN-2391-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3669
BugTraq ID: 70611
http://www.securityfocus.com/bid/70611
RedHat Security Advisories: RHSA-2014:1824
http://rhn.redhat.com/errata/RHSA-2014-1824.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3670
BugTraq ID: 70665
http://www.securityfocus.com/bid/70665

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805409
Categoría:	Web application abuses
Título:	PHP Multiple Vulnerabilities (Jan 2015)
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP. - CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var _unserializer.c. - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly. Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial of service or possibly execute arbitrary code via different crafted dimensions. Affected Software/OS: PHP versions 5.4.x before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 Solution: Update to version 5.4.34, 5.5.18, 5.6.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3668 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 70666 http://www.securityfocus.com/bid/70666 Debian Security Information: DSA-3064 (Google Search) http://www.debian.org/security/2014/dsa-3064 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html RedHat Security Advisories: RHSA-2014:1767 http://rhn.redhat.com/errata/RHSA-2014-1767.html RedHat Security Advisories: RHSA-2014:1768 http://rhn.redhat.com/errata/RHSA-2014-1768.html http://secunia.com/advisories/59967 http://secunia.com/advisories/60630 http://secunia.com/advisories/60699 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://secunia.com/advisories/61982 SuSE Security Announcement: openSUSE-SU-2014:1377 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html SuSE Security Announcement: openSUSE-SU-2014:1391 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html SuSE Security Announcement: openSUSE-SU-2015:0014 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://www.ubuntu.com/usn/USN-2391-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3669 BugTraq ID: 70611 http://www.securityfocus.com/bid/70611 RedHat Security Advisories: RHSA-2014:1824 http://rhn.redhat.com/errata/RHSA-2014-1824.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3670 BugTraq ID: 70665 http://www.securityfocus.com/bid/70665
Copyright	Copyright (C) 2015 Greenbone AG