Test ID: | 1.3.6.1.4.1.25623.1.0.808603 |
Category: | Web application abuses |
Title: | PHP < 5.5.35, 5.6.x < 5.6.21, 7.0.x < 7.0.6 Multiple Vulnerabilities (Jul 2016) - Linux |
Summary: | PHP is prone to multiple vulnerabilities. |
Description: |
Summary: PHP is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws exist due to:
- Improper validation of TIFF start data in the 'exif_process_TIFF_in_JPEG' function in 'ext/exif/exif.c'.
- Improper validation of IFD sizes in the 'exif_process_TIFF_in_JPEG' function in 'ext/exif/exif.c'.
- Improper construction of spprintf arguments in the 'exif_process_TIFF_in_JPEG' function in 'ext/exif/exif.c'.
- An error in the 'grapheme_strpos' function in 'ext/intl/grapheme/grapheme_string.c'.
- An error in the 'xml_parse_into_struct' function in 'ext/xml/xml.c'.
- The 'bcpowmod' function in 'ext/bcmath/bcmath.c' improperly modifies certain data structures.
- Improper validation of input passed to the 'bcpowmod' function in 'ext/bcmath/bcmath.c'.
- An error in the 'grapheme_strpos' function in 'ext/intl/grapheme/grapheme_string.c'.

Vulnerability Impact: Successful exploitation of these issues allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact.

Affected Software/OS: PHP versions prior to 5.5.35, 5.6.x before 5.6.21, and 7.0.x before 7.0.6 on Linux.

Solution: Update to version 5.5.35, 5.6.21, 7.0.6 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-4537
BugTraq ID: 90173
http://www.securityfocus.com/bid/90173
Debian Security Information: DSA-3602
http://www.debian.org/security/2016/dsa-3602
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html
https://security.gentoo.org/glsa/201611-22
http://www.openwall.com/lists/oss-security/2016/05/05/21
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
SuSE Security Announcement: openSUSE-SU-2016:1357
http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html
SuSE Security Announcement: openSUSE-SU-2016:1524
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

Common Vulnerability Exposure (CVE) ID: CVE-2016-4538

Common Vulnerability Exposure (CVE) ID: CVE-2016-4539
BugTraq ID: 90174
http://www.securityfocus.com/bid/90174

Common Vulnerability Exposure (CVE) ID: CVE-2016-4540
BugTraq ID: 90172
http://www.securityfocus.com/bid/90172

Common Vulnerability Exposure (CVE) ID: CVE-2016-4541

Common Vulnerability Exposure (CVE) ID: CVE-2016-4542
BugTraq ID: 89844
http://www.securityfocus.com/bid/89844

Common Vulnerability Exposure (CVE) ID: CVE-2016-4543

Common Vulnerability Exposure (CVE) ID: CVE-2016-4544 |
Copyright | Copyright (C) 2016 Greenbone AG |