Búsqueda de    
Vulnerabilidad   
    Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.808788
Categoría:Web application abuses
Título:PHP Multiple Vulnerabilities - 01 (Aug 2016) - Linux
Resumen:PHP is prone to multiple vulnerabilities.
Descripción:Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The 'php_zip.c' script in the zip extension improperly interacts with the
unserialize implementation and garbage collection.

- The php_wddx_process_data function in 'wddx.c' script in the WDDX extension
mishandled data in a wddx_deserialize call.

- The multiple integer overflows in 'mcrypt.c' script in the mcrypt extension.

- The double free vulnerability in the '_php_mb_regex_ereg_replace_exec'
function in 'php_mbregex.c' script in the mbstring extension.

- An integer overflow in the '_gd2GetHeader' function in 'gd_gd2.c' script in
the GD Graphics Library.

- An integer overflow in the 'gdImageCreate' function in 'gd.c' script in the
GD Graphics Library.

Vulnerability Impact:
Successfully exploiting this issue allow
remote attackers to cause a denial of service (buffer overflow and application
crash) or possibly execute arbitrary code.

Affected Software/OS:
PHP versions prior to 5.5.37, 5.6.x before
5.6.23, and 7.x before 7.0.8 on Linux

Solution:
Update to PHP version 5.5.37, or 5.6.23,
or 7.0.8, or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5773
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
BugTraq ID: 91397
http://www.securityfocus.com/bid/91397
Debian Security Information: DSA-3618 (Google Search)
http://www.debian.org/security/2016/dsa-3618
http://www.openwall.com/lists/oss-security/2016/06/23/4
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5772
BugTraq ID: 91398
http://www.securityfocus.com/bid/91398
SuSE Security Announcement: SUSE-SU-2016:2013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5769
BugTraq ID: 91399
http://www.securityfocus.com/bid/91399
Common Vulnerability Exposure (CVE) ID: CVE-2016-5768
BugTraq ID: 91396
http://www.securityfocus.com/bid/91396
RedHat Security Advisories: RHSA-2016:2598
http://rhn.redhat.com/errata/RHSA-2016-2598.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5766
Debian Security Information: DSA-3619 (Google Search)
http://www.debian.org/security/2016/dsa-3619
https://security.gentoo.org/glsa/201612-09
http://www.ubuntu.com/usn/USN-3030-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-5767
BugTraq ID: 91395
http://www.securityfocus.com/bid/91395
CopyrightCopyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2025 E-Soft Inc. Todos los derechos reservados.