Test ID: 1.3.6.1.4.1.25623.1.0.808633
Category: Web application abuses
Title: PHP < 5.5.38, 5.6.x < 5.6.24, 7.0.x < 7.0.9 Multiple Vulnerabilities (Jul 2016) - Windows
Summary: PHP is prone to multiple vulnerabilities.
Description:
Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- Integer overflow in the 'php_stream_zip_opener' function in 'ext/zip/zip_stream.c'

- Integer signedness error in the 'simplestring_addn' function in 'simplestring.c' in xmlrpc-epi

- 'ext/snmp/snmp.c' improperly interacts with the unserialize implementation and garbage
collection

- The 'locale_accept_from_http' function in 'ext/intl/locale/locale_methods.c' does not properly
restrict calls to the ICU 'uloc_acceptLanguageFromHTTP' function

- Error in the 'exif_process_user_comment' function of 'ext/exif/exif.c'

- Error in the 'exif_process_IFD_in_MAKERNOTE' function of 'ext/exif/exif.c'

- 'ext/session/session.c' does not properly maintain a certain hash data structure

- Integer overflow in the 'virtual_file_ex' function of 'TSRM/tsrm_virtual_cwd.c'

- Error in the 'php_url_parse_ex' function of 'ext/standard/url.c'

- Integer overflow error within _gdContributionsAlloc()

- Inadequate error handling in bzread()

Vulnerability Impact:
Successfully exploiting these issues may allow attackers to
cause a denial of service, obtain sensitive information from process memory, or possibly have
unspecified other impact.

Affected Software/OS:
PHP prior to version 5.5.38, 5.6.x prior to 5.6.24 and 7.x
prior to 7.0.9.

Solution:
Update to version 5.5.38, 5.6.24, 7.0.9 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-5399
1036430
http://www.securitytracker.com/id/1036430
20160721 CVE-2016-5399: php: out-of-bounds write in bzread()
http://www.securityfocus.com/archive/1/538966/100/0/threaded
20160725 CVE-2016-5399: php: out-of-bounds write in bzread()
http://seclists.org/fulldisclosure/2016/Jul/72
40155
https://www.exploit-db.com/exploits/40155/
92051
http://www.securityfocus.com/bid/92051
DSA-3631
http://www.debian.org/security/2016/dsa-3631
RHSA-2016:2598
http://rhn.redhat.com/errata/RHSA-2016-2598.html
RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
[oss-security] 20160721 CVE-2016-5399: php: out-of-bounds write in bzread()
http://www.openwall.com/lists/oss-security/2016/07/21/1
http://packetstormsecurity.com/files/137998/PHP-7.0.8-5.6.23-5.5.37-bzread-OOB-Write.html
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=72613
https://bugzilla.redhat.com/show_bug.cgi?id=1358395
https://security.netapp.com/advisory/ntap-20180112-0001/
Common Vulnerability Exposure (CVE) ID: CVE-2016-6207
BugTraq ID: 92080
http://www.securityfocus.com/bid/92080
Bugtraq: 20160803 Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability
http://www.securityfocus.com/archive/1/539100/100/0/threaded
Debian Security Information: DSA-3630
http://www.debian.org/security/2016/dsa-3630
https://security.gentoo.org/glsa/201612-09
http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html
https://secunia.com/secunia_research/2016-9/
RedHat Security Advisories: RHSA-2016:2750
http://www.securitytracker.com/id/1036535
SuSE Security Announcement: openSUSE-SU-2016:2117
http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html
SuSE Security Announcement: openSUSE-SU-2016:2363
http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html
http://www.ubuntu.com/usn/USN-3060-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-6288
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
BugTraq ID: 92111
http://www.securityfocus.com/bid/92111
http://openwall.com/lists/oss-security/2016/07/24/2
Common Vulnerability Exposure (CVE) ID: CVE-2016-6289
BugTraq ID: 92074
http://www.securityfocus.com/bid/92074
Debian Security Information: DSA-3631
https://security.gentoo.org/glsa/201611-22
http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities
Common Vulnerability Exposure (CVE) ID: CVE-2016-6290
BugTraq ID: 92097
http://www.securityfocus.com/bid/92097
Common Vulnerability Exposure (CVE) ID: CVE-2016-6291
BugTraq ID: 92073
http://www.securityfocus.com/bid/92073
Common Vulnerability Exposure (CVE) ID: CVE-2016-6292
BugTraq ID: 92078
http://www.securityfocus.com/bid/92078
Common Vulnerability Exposure (CVE) ID: CVE-2016-6294
BugTraq ID: 92115
http://www.securityfocus.com/bid/92115
Common Vulnerability Exposure (CVE) ID: CVE-2016-6295
BugTraq ID: 92094
http://www.securityfocus.com/bid/92094
Common Vulnerability Exposure (CVE) ID: CVE-2016-6296
BugTraq ID: 92095
http://www.securityfocus.com/bid/92095
https://lists.debian.org/debian-lts-announce/2019/11/msg00029.html
http://www.ubuntu.com/usn/USN-3059-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-6297
BugTraq ID: 92099
http://www.securityfocus.com/bid/92099
Copyright: Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test series. Find out more about how to run a complete security audit.

To run a free test of this vulnerability against your system, register now.

© 1998-2025 E-Soft Inc. All rights reserved.