Test Kennung:	1.3.6.1.4.1.25623.1.0.808617
Kategorie:	Web application abuses
Titel:	PHP Directory Traversal Vulnerability - Jul16 (Linux)
Zusammenfassung:	PHP is prone to a directory traversal vulnerability.
Beschreibung:	Summary: PHP is prone to a directory traversal vulnerability. Vulnerability Insight: Multiple flaws are due to - An error in the 'ZipArchive::extractTo' function in 'ext/zip/php_zip.c' script. - The xsl_ext_function_php function in ext/xsl/xsltprocessor.c when libxml2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop. - Improper handling of multiple php_var_unserialize calls. - Multiple use-after-free vulnerabilities. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to read arbitrary empty directories, also to cause a denial of service. Affected Software/OS: PHP versions prior to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 on Linux Solution: Update to PHP version 5.4.45, or 5.5.29, or 5.6.13, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 76652 BugTraq ID: 76649 BugTraq ID: 76733 BugTraq ID: 76734 BugTraq ID: 76738 Common Vulnerability Exposure (CVE) ID: CVE-2014-9767 http://www.securityfocus.com/bid/76652 http://www.openwall.com/lists/oss-security/2016/03/16/20 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035311 SuSE Security Announcement: SUSE-SU-2016:1145 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html SuSE Security Announcement: SUSE-SU-2016:1166 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html SuSE Security Announcement: openSUSE-SU-2016:1167 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html SuSE Security Announcement: openSUSE-SU-2016:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-6834 http://www.securityfocus.com/bid/76649 Debian Security Information: DSA-3358 (Google Search) http://www.debian.org/security/2015/dsa-3358 https://security.gentoo.org/glsa/201606-10 http://www.securitytracker.com/id/1033548 Common Vulnerability Exposure (CVE) ID: CVE-2015-6835 http://www.securityfocus.com/bid/76734 Common Vulnerability Exposure (CVE) ID: CVE-2015-6837 http://www.securityfocus.com/bid/76738 Common Vulnerability Exposure (CVE) ID: CVE-2015-6838 http://www.securityfocus.com/bid/76733
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.