Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.813160 |
Kategorie: | Web application abuses |
Titel: | PHP Multiple Vulnerabilities May18 (Linux) |
Zusammenfassung: | PHP is prone to multiple vulnerabilities. |
Beschreibung: | Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to - An out of bounds read error in 'exif_read_data' function while processing crafted JPG data. - An error in stream filter 'convert.iconv' which leads to infinite loop on invalid sequence. - An error in the LDAP module of PHP which allows a malicious LDAP server or man-in-the-middle attacker to crash PHP. - An error in the 'phar_do_404()' function in 'ext/phar/phar_object.c' script which returns parts of the request unfiltered, leading to another XSS vector. This is due to incomplete fix for CVE-2018-5712. Vulnerability Impact: Successful exploitation will allow an attacker to conduct XSS attacks, crash PHP, conduct denial-of-service condition and execute arbitrary code in the context of the affected application. Affected Software/OS: PHP versions prior to 5.6.36, PHP versions 7.2.x prior to 7.2.5, PHP versions 7.0.x prior to 7.0.30, PHP versions 7.1.x prior to 7.1.17 on Linux. Solution: Update to version 7.2.5 or 7.0.30 or 5.6.36 or 7.1.17 or later. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-10549 Common Vulnerability Exposure (CVE) ID: CVE-2018-10546 Common Vulnerability Exposure (CVE) ID: CVE-2018-10548 Common Vulnerability Exposure (CVE) ID: CVE-2018-10547 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |