ID de Prueba:	1.3.6.1.4.1.25623.1.0.808199
Categoría:	Web application abuses
Título:	PHP < 5.5.34, 5.6.x < 5.6.20, 7.0.x < 7.0.5 Multiple Vulnerabilities (Jul 2016) - Linux
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Multiple integer overflows in the mbfl_strcut function in 'ext/mbstring/libmbfl/mbfl/mbfilter.c' script. - A format string vulnerability in the php_snmp_error function in 'ext/snmp/snmp.c' script. - An improper handling of '\0' characters by the 'phar_analyze_path' function in 'ext/phar/phar.c' script. - An integer overflow in the 'php_raw_url_encode' function in 'ext/standard/url.c' script. - An improper handling of continuation-level jumps in 'file_check_mem' function in 'funcs.c' script. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code. Affected Software/OS: PHP versions prior to 5.5.34, 5.6.x before 5.6.20, and 7.0.x before 7.0.5 on Linux Solution: Update to version 5.5.34, 5.6.20, 7.0.5 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4070 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html BugTraq ID: 85801 http://www.securityfocus.com/bid/85801 Debian Security Information: DSA-3560 (Google Search) http://www.debian.org/security/2016/dsa-3560 http://www.openwall.com/lists/oss-security/2016/04/24/1 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: SUSE-SU-2016:1277 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html SuSE Security Announcement: openSUSE-SU-2016:1274 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1373 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2016-4071 BugTraq ID: 85800 http://www.securityfocus.com/bid/85800 https://www.exploit-db.com/exploits/39645/ https://security.gentoo.org/glsa/201611-22 Common Vulnerability Exposure (CVE) ID: CVE-2016-4072 BugTraq ID: 85993 http://www.securityfocus.com/bid/85993 Common Vulnerability Exposure (CVE) ID: CVE-2016-4073 BugTraq ID: 85991 http://www.securityfocus.com/bid/85991 Common Vulnerability Exposure (CVE) ID: CVE-2015-8865 BugTraq ID: 85802 http://www.securityfocus.com/bid/85802 https://security.gentoo.org/glsa/201701-42 SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html https://usn.ubuntu.com/3686-1/ https://usn.ubuntu.com/3686-2/
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.