Test ID: 1.3.6.1.4.1.25623.1.0.142049
Category: Web application abuses
Title: PHP Multiple Vulnerabilities (Feb 2019) - Windows
Summary: PHP is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The following flaws exist:

- Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)

- Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)

- Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)

- Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)

- Fixed bug #77381 (heap buffer overflow in multibyte match_at). (CVE-2019-9023)

- Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)

- Fixed bug #77385 (buffer overflow in fetch_token). (CVE-2019-9023)

- Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)

- Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)

- Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)

- Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)

- Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)

Affected Software/OS:
PHP versions before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14 and 7.3.x before 7.3.1.

Solution:
Update to version 5.6.40, 7.1.16, 7.2.14, 7.3.1 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-10166
BugTraq ID: 95869
http://www.securityfocus.com/bid/95869
Debian Security Information: DSA-3777
http://www.debian.org/security/2017/dsa-3777
http://www.openwall.com/lists/oss-security/2017/01/26/1
http://www.openwall.com/lists/oss-security/2017/01/28/6
RedHat Security Advisories: RHSA-2019:2519
https://access.redhat.com/errata/RHSA-2019:2519
RedHat Security Advisories: RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3299
Common Vulnerability Exposure (CVE) ID: CVE-2019-9020
BugTraq ID: 107156
http://www.securityfocus.com/bid/107156
Debian Security Information: DSA-4398
https://www.debian.org/security/2019/dsa-4398
https://bugs.php.net/bug.php?id=77242
https://bugs.php.net/bug.php?id=77249
SuSE Security Announcement: openSUSE-SU-2019:1256
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html
SuSE Security Announcement: openSUSE-SU-2019:1293
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
SuSE Security Announcement: openSUSE-SU-2019:1572
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
SuSE Security Announcement: openSUSE-SU-2019:1573
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
https://usn.ubuntu.com/3902-1/
https://usn.ubuntu.com/3902-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9021
BugTraq ID: 106747
http://www.securityfocus.com/bid/106747
https://bugs.php.net/bug.php?id=77247
Common Vulnerability Exposure (CVE) ID: CVE-2019-9023
https://bugs.php.net/bug.php?id=77370
https://bugs.php.net/bug.php?id=77371
https://bugs.php.net/bug.php?id=77381
https://bugs.php.net/bug.php?id=77382
https://bugs.php.net/bug.php?id=77385
https://bugs.php.net/bug.php?id=77394
https://bugs.php.net/bug.php?id=77418
Common Vulnerability Exposure (CVE) ID: CVE-2019-9024
https://bugs.php.net/bug.php?id=77380
Common Vulnerability Exposure (CVE) ID: CVE-2019-6977
BugTraq ID: 106731
http://www.securityfocus.com/bid/106731
Debian Security Information: DSA-4384
https://www.debian.org/security/2019/dsa-4384
https://www.exploit-db.com/exploits/46677/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/
https://security.gentoo.org/glsa/201903-18
http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=77270
https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html
SuSE Security Announcement: openSUSE-SU-2019:1140
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html
SuSE Security Announcement: openSUSE-SU-2019:1148
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html
https://usn.ubuntu.com/3900-1/
Copyright: Copyright (C) 2019 Greenbone Networks GmbH
