ID de Prueba:	1.3.6.1.4.1.25623.1.0.808787
Categoría:	Web application abuses
Título:	PHP < 5.5.37, 5.6.x < 5.6.23, 7.x < 7.0.8 Multiple Vulnerabilities (Aug 2016) - Windows
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - The 'php_zip.c' script in the zip extension improperly interacts with the unserialize implementation and garbage collection. - The php_wddx_process_data function in 'wddx.c' script in the WDDX extension mishandled data in a wddx_deserialize call. - The multiple integer overflows in 'mcrypt.c' script in the mcrypt extension. - The double free vulnerability in the '_php_mb_regex_ereg_replace_exec' function in 'php_mbregex.c' script in the mbstring extension. - An integer overflow in the '_gd2GetHeader' function in 'gd_gd2.c' script in the GD Graphics Library. - An integer overflow in the 'gdImageCreate' function in 'gd.c' script in the GD Graphics Library. Vulnerability Impact: Successfully exploiting these issues allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code. Affected Software/OS: PHP prior to version 5.5.37, 5.6.x prior to 5.6.23 and 7.x prior to 7.0.8 on Windows. Solution: Update to PHP version 5.5.37, 5.6.23, 7.0.8 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5766 Debian Security Information: DSA-3619 (Google Search) http://www.debian.org/security/2016/dsa-3619 https://security.gentoo.org/glsa/201612-09 http://www.openwall.com/lists/oss-security/2016/06/23/4 RedHat Security Advisories: RHSA-2016:2598 http://rhn.redhat.com/errata/RHSA-2016-2598.html RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: SUSE-SU-2016:2013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://www.ubuntu.com/usn/USN-3030-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-5767 BugTraq ID: 91395 http://www.securityfocus.com/bid/91395 Common Vulnerability Exposure (CVE) ID: CVE-2016-5768 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html BugTraq ID: 91396 http://www.securityfocus.com/bid/91396 Debian Security Information: DSA-3618 (Google Search) http://www.debian.org/security/2016/dsa-3618 Common Vulnerability Exposure (CVE) ID: CVE-2016-5769 BugTraq ID: 91399 http://www.securityfocus.com/bid/91399 Common Vulnerability Exposure (CVE) ID: CVE-2016-5772 BugTraq ID: 91398 http://www.securityfocus.com/bid/91398 Common Vulnerability Exposure (CVE) ID: CVE-2016-5773 BugTraq ID: 91397 http://www.securityfocus.com/bid/91397
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.