Web application abuses : PHP < 5.5.27, 5.6.x < 5.6.11 Arbitrary Code Execution Vulnerability (Aug 2016)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.808670

Categoría: Web application abuses

Título: PHP < 5.5.27, 5.6.x < 5.6.11 Arbitrary Code Execution Vulnerability (Aug 2016) - Windows

Resumen: PHP is prone to an arbitrary code execution vulnerability.

Descripción: Summary:
PHP is prone to an arbitrary code execution vulnerability.

Vulnerability Insight:
An use-after-free vulnerability occurs in the
'spl_ptr_heap_insert' function in 'ext/spl/spl_heap.c'.

Vulnerability Impact:
Successfully exploiting this issue allow remote attackers to
execute arbitrary code by triggering a failed SplMinHeap::compare operation.

Affected Software/OS:
PHP prior to version 5.5.27 and 5.6.x prior to 5.6.11 on
Windows.

Solution:
Update to version 5.5.27, 5.6.11 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-4116
https://www.htbridge.com/advisory/HTB23262
SuSE Security Announcement: openSUSE-SU-2016:1524 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.808670
Categoría:	Web application abuses
Título:	PHP < 5.5.27, 5.6.x < 5.6.11 Arbitrary Code Execution Vulnerability (Aug 2016) - Windows
Resumen:	PHP is prone to an arbitrary code execution vulnerability.
Descripción:	Summary: PHP is prone to an arbitrary code execution vulnerability. Vulnerability Insight: An use-after-free vulnerability occurs in the 'spl_ptr_heap_insert' function in 'ext/spl/spl_heap.c'. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. Affected Software/OS: PHP prior to version 5.5.27 and 5.6.x prior to 5.6.11 on Windows. Solution: Update to version 5.5.27, 5.6.11 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4116 https://www.htbridge.com/advisory/HTB23262 SuSE Security Announcement: openSUSE-SU-2016:1524 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
Copyright	Copyright (C) 2016 Greenbone AG