Test Kennung:	1.3.6.1.4.1.25623.1.0.808198
Kategorie:	Web application abuses
Titel:	PHP Multiple Vulnerabilities - 01 - Jul16 (Windows)
Zusammenfassung:	PHP is prone to multiple vulnerabilities.
Beschreibung:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Multiple integer overflows in the mbfl_strcut function in 'ext/mbstring/libmbfl/mbfl/mbfilter.c' script. - Format string vulnerability in the php_snmp_error function in 'ext/snmp/snmp.c' script. - An improper handling of '\0' characters by the 'phar_analyze_path' function in 'ext/phar/phar.c' script. - An integer overflow in the 'php_raw_url_encode' function in 'ext/standard/url.c' script. - An improper handling of continuation-level jumps in 'file_check_mem' function in 'funcs.c' script. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code. Affected Software/OS: PHP versions prior to 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 on Windows Solution: Update to PHP version 5.5.34, or 5.6.20, or 7.0.5, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 85800 BugTraq ID: 85801 BugTraq ID: 85802 BugTraq ID: 85991 BugTraq ID: 85993 Common Vulnerability Exposure (CVE) ID: CVE-2016-4070 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/85801 Debian Security Information: DSA-3560 (Google Search) http://www.debian.org/security/2016/dsa-3560 http://www.openwall.com/lists/oss-security/2016/04/24/1 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: SUSE-SU-2016:1277 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html SuSE Security Announcement: openSUSE-SU-2016:1274 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1373 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2016-4071 http://www.securityfocus.com/bid/85800 https://www.exploit-db.com/exploits/39645/ https://security.gentoo.org/glsa/201611-22 Common Vulnerability Exposure (CVE) ID: CVE-2016-4072 http://www.securityfocus.com/bid/85993 Common Vulnerability Exposure (CVE) ID: CVE-2016-4073 http://www.securityfocus.com/bid/85991 Common Vulnerability Exposure (CVE) ID: CVE-2015-8865 http://www.securityfocus.com/bid/85802 https://security.gentoo.org/glsa/201701-42 SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html https://usn.ubuntu.com/3686-1/ https://usn.ubuntu.com/3686-2/
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.