Test ID:	1.3.6.1.4.1.25623.1.0.806648
Category:	Denial of Service
Title:	PHP < 5.5.30, 5.6.x < 5.6.14 Multiple DoS Vulnerabilities - Windows
Summary:	PHP is prone to multiple denial of service (DoS); vulnerabilities.
Description:	Summary: PHP is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2015-7804: Off-by-one error in the 'phar_parse_zipfile' function within ext/phar/zip.c script. - CVE-2015-7803: An error in the 'phar_get_entry_data' function in ext/phar/util.c script. Vulnerability Impact: Successfully exploiting these issues allow remote attackers to cause a denial of service (NULL pointer dereference and application crash). Affected Software/OS: PHP prior to version 5.5.30 and 5.6.x prior to 5.6.14. Solution: Update to version 5.5.30, 5.6.14 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7803 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html BugTraq ID: 76959 http://www.securityfocus.com/bid/76959 Debian Security Information: DSA-3380 (Google Search) http://www.debian.org/security/2015/dsa-3380 https://security.gentoo.org/glsa/201606-10 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720 SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html SuSE Security Announcement: openSUSE-SU-2016:0251 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html SuSE Security Announcement: openSUSE-SU-2016:0366 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html http://www.ubuntu.com/usn/USN-2786-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7804
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.