Web application abuses : PHP Multiple Vulnerabilities - 02 (Aug 2016)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.808790

Categoría: Web application abuses

Título: PHP Multiple Vulnerabilities - 02 (Aug 2016) - Linux

Resumen: PHP is prone to multiple vulnerabilities.

Descripción: Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The 'spl_array.c' in the SPL extension improperly interacts with the
unserialize implementation and garbage collection.

- The integer overflow in the 'SplFileObject::fread' function in
'spl_directory.c' in the SPL extension.

Vulnerability Impact:
Successfully exploiting this issue allow
remote attackers to cause a denial of service (use-after-free and application
crash) or possibly execute arbitrary code or possibly have unspecified other
impact via a large integer argument.

Affected Software/OS:
PHP versions prior to 5.5.37 and 5.6.x
before 5.6.23 on Linux

Solution:
Update to PHP version 5.5.37, or 5.6.23,
or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5771
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
BugTraq ID: 91401
http://www.securityfocus.com/bid/91401
Debian Security Information: DSA-3618 (Google Search)
http://www.debian.org/security/2016/dsa-3618
http://www.openwall.com/lists/oss-security/2016/06/23/4
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-5770
BugTraq ID: 91403
http://www.securityfocus.com/bid/91403

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.808790
Categoría:	Web application abuses
Título:	PHP Multiple Vulnerabilities - 02 (Aug 2016) - Linux
Resumen:	PHP is prone to multiple vulnerabilities.
Descripción:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The 'spl_array.c' in the SPL extension improperly interacts with the unserialize implementation and garbage collection. - The integer overflow in the 'SplFileObject::fread' function in 'spl_directory.c' in the SPL extension. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code or possibly have unspecified other impact via a large integer argument. Affected Software/OS: PHP versions prior to 5.5.37 and 5.6.x before 5.6.23 on Linux Solution: Update to PHP version 5.5.37, or 5.6.23, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5771 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html BugTraq ID: 91401 http://www.securityfocus.com/bid/91401 Debian Security Information: DSA-3618 (Google Search) http://www.debian.org/security/2016/dsa-3618 http://www.openwall.com/lists/oss-security/2016/06/23/4 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5770 BugTraq ID: 91403 http://www.securityfocus.com/bid/91403
Copyright	Copyright (C) 2016 Greenbone AG