Web application abuses : PHP Directory Traversal Vulnerability

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.808616

Categoría: Web application abuses

Título: PHP Directory Traversal Vulnerability - Jul16 (Windows)

Resumen: PHP is prone to a directory traversal vulnerability.

Descripción: Summary:
PHP is prone to a directory traversal vulnerability.

Vulnerability Insight:
Multiple flaws are due to

- An error in the 'ZipArchive::extractTo' function in
'ext/zip/php_zip.c' script.

- The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2
is used, does not consider the possibility of a NULL valuePop return value
before proceeding with a free operation after the principal argument loop.

- Improper handling of multiple php_var_unserialize calls.

- Multiple use-after-free vulnerabilities.

Vulnerability Impact:
Successfully exploiting this issue allow remote
attackers to read arbitrary empty directories, also to cause a denial of service.

Affected Software/OS:
PHP versions prior to 5.4.45, 5.5.x before
5.5.29, and 5.6.x before 5.6.13 on Windows

Solution:
Update to PHP version 5.4.45, or 5.5.29,
or 5.6.13, or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 76652
BugTraq ID: 76649
BugTraq ID: 76733
BugTraq ID: 76734
BugTraq ID: 76738
Common Vulnerability Exposure (CVE) ID: CVE-2014-9767
http://www.securityfocus.com/bid/76652
http://www.openwall.com/lists/oss-security/2016/03/16/20
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1035311
SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:1166 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html
SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html
SuSE Security Announcement: openSUSE-SU-2016:1173 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-6834
http://www.securityfocus.com/bid/76649
Debian Security Information: DSA-3358 (Google Search)
http://www.debian.org/security/2015/dsa-3358
https://security.gentoo.org/glsa/201606-10
http://www.securitytracker.com/id/1033548
Common Vulnerability Exposure (CVE) ID: CVE-2015-6835
http://www.securityfocus.com/bid/76734
Common Vulnerability Exposure (CVE) ID: CVE-2015-6837
http://www.securityfocus.com/bid/76738
Common Vulnerability Exposure (CVE) ID: CVE-2015-6838
http://www.securityfocus.com/bid/76733

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.808616
Categoría:	Web application abuses
Título:	PHP Directory Traversal Vulnerability - Jul16 (Windows)
Resumen:	PHP is prone to a directory traversal vulnerability.
Descripción:	Summary: PHP is prone to a directory traversal vulnerability. Vulnerability Insight: Multiple flaws are due to - An error in the 'ZipArchive::extractTo' function in 'ext/zip/php_zip.c' script. - The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop. - Improper handling of multiple php_var_unserialize calls. - Multiple use-after-free vulnerabilities. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to read arbitrary empty directories, also to cause a denial of service. Affected Software/OS: PHP versions prior to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 on Windows Solution: Update to PHP version 5.4.45, or 5.5.29, or 5.6.13, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 76652 BugTraq ID: 76649 BugTraq ID: 76733 BugTraq ID: 76734 BugTraq ID: 76738 Common Vulnerability Exposure (CVE) ID: CVE-2014-9767 http://www.securityfocus.com/bid/76652 http://www.openwall.com/lists/oss-security/2016/03/16/20 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035311 SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1166 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html SuSE Security Announcement: openSUSE-SU-2016:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-6834 http://www.securityfocus.com/bid/76649 Debian Security Information: DSA-3358 (Google Search) http://www.debian.org/security/2015/dsa-3358 https://security.gentoo.org/glsa/201606-10 http://www.securitytracker.com/id/1033548 Common Vulnerability Exposure (CVE) ID: CVE-2015-6835 http://www.securityfocus.com/bid/76734 Common Vulnerability Exposure (CVE) ID: CVE-2015-6837 http://www.securityfocus.com/bid/76738 Common Vulnerability Exposure (CVE) ID: CVE-2015-6838 http://www.securityfocus.com/bid/76733
Copyright	Copyright (C) 2016 Greenbone Networks GmbH