Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.808634 |
Kategorie: | Web application abuses |
Titel: | PHP Multiple Vulnerabilities - 05 - Jul16 (Linux) |
Zusammenfassung: | PHP is prone to multiple vulnerabilities. |
Beschreibung: | Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - An integer overflow in the 'php_stream_zip_opener' function in 'ext/zip/zip_stream.c' script. - An integer signedness error in the 'simplestring_addn' function in 'simplestring.c' in xmlrpc-epi. - The 'ext/snmp/snmp.c' script improperly interacts with the unserialize implementation and garbage collection. - The 'locale_accept_from_http' function in 'ext/intl/locale/locale_methods.c' script does not properly restrict calls to the ICU 'uloc_acceptLanguageFromHTTP' function. - An error in the 'exif_process_user_comment' function in 'ext/exif/exif.c' script. - An error in the 'exif_process_IFD_in_MAKERNOTE' function in 'ext/exif/exif.c' script. - The 'ext/session/session.c' does not properly maintain a certain hash data structure. - An integer overflow in the 'virtual_file_ex' function in 'TSRM/tsrm_virtual_cwd.c' script. - An error in the 'php_url_parse_ex' function in 'ext/standard/url.c' script. Vulnerability Impact: Successfully exploiting this issue may allow attackers to cause a denial of service obtain sensitive information from process memory, or possibly have unspecified other impact. Affected Software/OS: PHP versions before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 on Linux Solution: Update to PHP version 5.5.38, or 5.6.24, or 7.0.9, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-6288 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html BugTraq ID: 92111 http://www.securityfocus.com/bid/92111 http://openwall.com/lists/oss-security/2016/07/24/2 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1036430 Common Vulnerability Exposure (CVE) ID: CVE-2016-6289 BugTraq ID: 92074 http://www.securityfocus.com/bid/92074 Debian Security Information: DSA-3631 (Google Search) http://www.debian.org/security/2016/dsa-3631 https://security.gentoo.org/glsa/201611-22 http://fortiguard.com/advisory/fortinet-discovers-php-stack-based-buffer-overflow-vulnerabilities Common Vulnerability Exposure (CVE) ID: CVE-2016-6290 BugTraq ID: 92097 http://www.securityfocus.com/bid/92097 Common Vulnerability Exposure (CVE) ID: CVE-2016-6291 BugTraq ID: 92073 http://www.securityfocus.com/bid/92073 Common Vulnerability Exposure (CVE) ID: CVE-2016-6292 BugTraq ID: 92078 http://www.securityfocus.com/bid/92078 Common Vulnerability Exposure (CVE) ID: CVE-2016-6294 BugTraq ID: 92115 http://www.securityfocus.com/bid/92115 Common Vulnerability Exposure (CVE) ID: CVE-2016-6295 BugTraq ID: 92094 http://www.securityfocus.com/bid/92094 Common Vulnerability Exposure (CVE) ID: CVE-2016-6296 BugTraq ID: 92095 http://www.securityfocus.com/bid/92095 https://lists.debian.org/debian-lts-announce/2019/11/msg00029.html http://www.ubuntu.com/usn/USN-3059-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-6297 BugTraq ID: 92099 http://www.securityfocus.com/bid/92099 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |