ID de Prueba:	1.3.6.1.4.1.25623.1.0.808616
Categoría:	Web application abuses
Título:	PHP < 5.4.45, 5.5.x < 5.5.29, 5.6.x < 5.6.13 Multiple Vulnerabilities (Jul 2016) - Windows
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Error in the 'ZipArchive::extractTo' function in 'ext/zip/php_zip.c' script. - The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop. - Improper handling of multiple php_var_unserialize calls - Multiple use-after-free vulnerabilities Vulnerability Impact: Successfully exploiting these issues allow remote attackers to read arbitrary empty directories, also to cause a denial of service. Affected Software/OS: PHP prior to version 5.4.45, 5.5.x prior to 5.5.29 and 5.6.x prior to 5.6.13 on Windows. Solution: Update to version 5.4.45, 5.5.29, 5.6.13 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9767 BugTraq ID: 76652 http://www.securityfocus.com/bid/76652 http://www.openwall.com/lists/oss-security/2016/03/16/20 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035311 SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1166 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html SuSE Security Announcement: openSUSE-SU-2016:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-6834 BugTraq ID: 76649 http://www.securityfocus.com/bid/76649 Debian Security Information: DSA-3358 (Google Search) http://www.debian.org/security/2015/dsa-3358 https://security.gentoo.org/glsa/201606-10 http://www.securitytracker.com/id/1033548 Common Vulnerability Exposure (CVE) ID: CVE-2015-6835 BugTraq ID: 76734 http://www.securityfocus.com/bid/76734 Common Vulnerability Exposure (CVE) ID: CVE-2015-6837 BugTraq ID: 76738 http://www.securityfocus.com/bid/76738 Common Vulnerability Exposure (CVE) ID: CVE-2015-6838 BugTraq ID: 76733 http://www.securityfocus.com/bid/76733
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.