Test Kennung:	1.3.6.1.4.1.25623.1.0.809137
Kategorie:	Web application abuses
Titel:	PHP Cross-Site Scripting Vulnerability - Aug16 (Linux)
Zusammenfassung:	PHP is prone to a cross-site scripting (XSS) vulnerability.
Beschreibung:	Summary: PHP is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to the 'sapi_header_op' function in 'main/SAPI.c' script supports deprecated line folding without considering browser compatibility. Vulnerability Impact: Successfully exploiting this issue allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging '%0A%20' or '%0D%0A%20' mishandling in the header function. Affected Software/OS: PHP versions before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 on Linux Solution: Update to PHP version 5.4.38, or 5.5.22, or 5.6.6, or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	BugTraq ID: 92356 Common Vulnerability Exposure (CVE) ID: CVE-2015-8935 http://www.openwall.com/lists/oss-security/2016/06/20/3 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html SuSE Security Announcement: SUSE-SU-2016:2013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html SuSE Security Announcement: openSUSE-SU-2016:1761 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:1922 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.