ID de Prueba:	1.3.6.1.4.1.25623.1.0.805655
Categoría:	Web application abuses
Título:	PHP < 5.4.41, 5.5.x < 5.5.25, 5.6.x < 5.6.9 Multiple Vulnerabilities - Windows
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Algorithmic complexity vulnerability in the 'multipart_buffer_headers' function in main/rfc1867.c script in PHP. - 'pcntl_exec' implementation in PHP truncates a pathname upon encountering a \x00 character. - Integer overflow in the 'ftp_genlist' function in ext/ftp/ftp.c script in PHP. - The 'phar_parse_tarfile' function in ext/phar/tar.c script in PHP does not verify that the first character of a filename is different from the \0 character. Vulnerability Impact: Successfully exploiting these issues allow remote attackers to cause a denial of service, bypass intended extension restrictions and access and execute files or directories with unexpected names via crafted dimensions and remote FTP servers to execute arbitrary code. Affected Software/OS: PHP prior to version 5.4.41, 5.5.x prior to 5.5.25 and 5.6.x prior to 5.6.9. Solution: Update to version 5.4.41, 5.5.25, 5.6.9 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4021 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 74700 http://www.securityfocus.com/bid/74700 Debian Security Information: DSA-3280 (Google Search) http://www.debian.org/security/2015/dsa-3280 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html https://security.gentoo.org/glsa/201606-10 RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html RedHat Security Advisories: RHSA-2015:1186 http://rhn.redhat.com/errata/RHSA-2015-1186.html RedHat Security Advisories: RHSA-2015:1187 http://rhn.redhat.com/errata/RHSA-2015-1187.html RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html RedHat Security Advisories: RHSA-2015:1219 http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.securitytracker.com/id/1032433 SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4022 BugTraq ID: 74902 http://www.securityfocus.com/bid/74902 Common Vulnerability Exposure (CVE) ID: CVE-2015-4024 BugTraq ID: 74903 http://www.securityfocus.com/bid/74903 http://www.securitytracker.com/id/1032432 Common Vulnerability Exposure (CVE) ID: CVE-2015-4025 BugTraq ID: 74904 http://www.securityfocus.com/bid/74904 http://www.securitytracker.com/id/1032431 Common Vulnerability Exposure (CVE) ID: CVE-2015-4026 BugTraq ID: 75056 http://www.securityfocus.com/bid/75056
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.