Web application abuses : PHP Directory Traversal Vulnerability (Jul 2016)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.808617

Categoría: Web application abuses

Título: PHP Directory Traversal Vulnerability (Jul 2016) - Linux

Resumen: PHP is prone to a directory traversal vulnerability.

Descripción: Summary:
PHP is prone to a directory traversal vulnerability.

Vulnerability Insight:
Multiple flaws are due to

- An error in the 'ZipArchive::extractTo' function in
'ext/zip/php_zip.c' script.

- The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2
is used, does not consider the possibility of a NULL valuePop return value
before proceeding with a free operation after the principal argument loop.

- Improper handling of multiple php_var_unserialize calls.

- Multiple use-after-free vulnerabilities.

Vulnerability Impact:
Successfully exploiting this issue allow remote
attackers to read arbitrary empty directories, also to cause a denial of service.

Affected Software/OS:
PHP versions prior to 5.4.45, 5.5.x before
5.5.29, and 5.6.x before 5.6.13 on Linux

Solution:
Update to PHP version 5.4.45, or 5.5.29,
or 5.6.13, or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9767
BugTraq ID: 76652
http://www.securityfocus.com/bid/76652
http://www.openwall.com/lists/oss-security/2016/03/16/20
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1035311
SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:1166 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html
SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
SuSE Security Announcement: openSUSE-SU-2016:1173 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-6834
BugTraq ID: 76649
http://www.securityfocus.com/bid/76649
Debian Security Information: DSA-3358 (Google Search)
http://www.debian.org/security/2015/dsa-3358
https://security.gentoo.org/glsa/201606-10
http://www.securitytracker.com/id/1033548
Common Vulnerability Exposure (CVE) ID: CVE-2015-6835
BugTraq ID: 76734
http://www.securityfocus.com/bid/76734
Common Vulnerability Exposure (CVE) ID: CVE-2015-6837
BugTraq ID: 76738
http://www.securityfocus.com/bid/76738
Common Vulnerability Exposure (CVE) ID: CVE-2015-6838
BugTraq ID: 76733
http://www.securityfocus.com/bid/76733

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.808617
Categoría:	Web application abuses
Título:	PHP Directory Traversal Vulnerability (Jul 2016) - Linux
Resumen:	PHP is prone to a directory traversal vulnerability.
Descripción:	Summary: PHP is prone to a directory traversal vulnerability. Vulnerability Insight: Multiple flaws are due to - An error in the 'ZipArchive::extractTo' function in 'ext/zip/php_zip.c' script. - The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop. - Improper handling of multiple php_var_unserialize calls. - Multiple use-after-free vulnerabilities. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to read arbitrary empty directories, also to cause a denial of service. Affected Software/OS: PHP versions prior to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 on Linux Solution: Update to PHP version 5.4.45, or 5.5.29, or 5.6.13, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9767 BugTraq ID: 76652 http://www.securityfocus.com/bid/76652 http://www.openwall.com/lists/oss-security/2016/03/16/20 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035311 SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1166 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html SuSE Security Announcement: openSUSE-SU-2016:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-6834 BugTraq ID: 76649 http://www.securityfocus.com/bid/76649 Debian Security Information: DSA-3358 (Google Search) http://www.debian.org/security/2015/dsa-3358 https://security.gentoo.org/glsa/201606-10 http://www.securitytracker.com/id/1033548 Common Vulnerability Exposure (CVE) ID: CVE-2015-6835 BugTraq ID: 76734 http://www.securityfocus.com/bid/76734 Common Vulnerability Exposure (CVE) ID: CVE-2015-6837 BugTraq ID: 76738 http://www.securityfocus.com/bid/76738 Common Vulnerability Exposure (CVE) ID: CVE-2015-6838 BugTraq ID: 76733 http://www.securityfocus.com/bid/76733
Copyright	Copyright (C) 2016 Greenbone AG