 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.809319 |
| Categoría: | Web application abuses |
| Título: | PHP Multiple Vulnerabilities - 02 (Sep 2016) - Linux |
| Resumen: | PHP is prone to multiple vulnerabilities. |
| Descripción: | Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - An invalid wddxPacket XML document that is mishandled in a wddx_deserialize call in 'ext/wddx/wddx.c' script. - An error in 'php_wddx_pop_element' function in 'ext/wddx/wddx.c' script. - An error in 'php_wddx_process_data' function in 'ext/wddx/wddx.c' script. - Improper handling of the case of a thumbnail offset that exceeds the file size in 'exif_process_IFD_in_TIFF' function in 'ext/exif/exif.c' script. - Improper validation of gamma values in 'imagegammacorrect' function in 'ext/gd/gd.c' script. - Improper validation of number of colors in 'imagegammacorrect' function in 'ext/gd/gd.c' script. - The script 'ext/session/session.c' skips invalid session names in a way that triggers incorrect parsing. - Improper handling of certain objects in 'ext/standard/var_unserializer.c' script. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to cause a denial of service, to obtain sensitive information from process memory, to inject arbitrary-type session data by leveraging control of a session name. Affected Software/OS: PHP versions prior to 5.6.25 and 7.x before 7.0.10 on Linux Solution: Update to PHP version 5.6.25, or 7.0.10, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7124 BugTraq ID: 92756 http://www.securityfocus.com/bid/92756 https://security.gentoo.org/glsa/201611-22 http://openwall.com/lists/oss-security/2016/09/02/9 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1036680 Common Vulnerability Exposure (CVE) ID: CVE-2016-7125 BugTraq ID: 92552 http://www.securityfocus.com/bid/92552 Common Vulnerability Exposure (CVE) ID: CVE-2016-7126 BugTraq ID: 92755 http://www.securityfocus.com/bid/92755 Common Vulnerability Exposure (CVE) ID: CVE-2016-7127 BugTraq ID: 92757 http://www.securityfocus.com/bid/92757 Common Vulnerability Exposure (CVE) ID: CVE-2016-7128 BugTraq ID: 92564 http://www.securityfocus.com/bid/92564 Common Vulnerability Exposure (CVE) ID: CVE-2016-7129 BugTraq ID: 92758 http://www.securityfocus.com/bid/92758 Common Vulnerability Exposure (CVE) ID: CVE-2016-7130 BugTraq ID: 92764 http://www.securityfocus.com/bid/92764 Common Vulnerability Exposure (CVE) ID: CVE-2016-7131 BugTraq ID: 92768 http://www.securityfocus.com/bid/92768 Common Vulnerability Exposure (CVE) ID: CVE-2016-7132 BugTraq ID: 92767 http://www.securityfocus.com/bid/92767 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |