Test ID: 1.3.6.1.4.1.25623.1.0.809318
Category: Web application abuses
Title: PHP Multiple Vulnerabilities - 02 - Sep16 (Windows)
Summary: PHP is prone to multiple vulnerabilities.
Description: Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An invalid wddxPacket XML document that is mishandled in a wddx_deserialize
call in 'ext/wddx/wddx.c' script.

- An error in 'php_wddx_pop_element' function in 'ext/wddx/wddx.c' script.

- An error in 'php_wddx_process_data' function in 'ext/wddx/wddx.c' script.

- Improper handling of the case of a thumbnail offset that exceeds the file
size in 'exif_process_IFD_in_TIFF' function in 'ext/exif/exif.c' script.

- Improper validation of gamma values in 'imagegammacorrect' function
in 'ext/gd/gd.c' script.

- Improper validation of number of colors in 'imagegammacorrect' function
in 'ext/gd/gd.c' script.

- The script 'ext/session/session.c' skips invalid session names in a way that
triggers incorrect parsing.

- Improper handling of certain objects in 'ext/standard/var_unserializer.c'
script.

Vulnerability Impact:
Successful exploitation of these issues allows
remote attackers to cause a denial of service, to obtain sensitive information
from process memory, or to inject arbitrary-type session data by leveraging control
of a session name.

Affected Software/OS:
PHP versions prior to 5.6.25 and
7.x before 7.0.10 on Windows

Solution:
Update to PHP version 5.6.25 or 7.0.10,
or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 92756
BugTraq ID: 92552
BugTraq ID: 92755
BugTraq ID: 92757
BugTraq ID: 92564
BugTraq ID: 92758
Common Vulnerability Exposure (CVE) ID: CVE-2016-7124
http://www.securityfocus.com/bid/92756
https://security.gentoo.org/glsa/201611-22
http://openwall.com/lists/oss-security/2016/09/02/9
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1036680
Common Vulnerability Exposure (CVE) ID: CVE-2016-7125
http://www.securityfocus.com/bid/92552
Common Vulnerability Exposure (CVE) ID: CVE-2016-7126
http://www.securityfocus.com/bid/92755
Common Vulnerability Exposure (CVE) ID: CVE-2016-7127
http://www.securityfocus.com/bid/92757
Common Vulnerability Exposure (CVE) ID: CVE-2016-7128
http://www.securityfocus.com/bid/92564
Common Vulnerability Exposure (CVE) ID: CVE-2016-7129
http://www.securityfocus.com/bid/92758
Common Vulnerability Exposure (CVE) ID: CVE-2016-7130
BugTraq ID: 92764
http://www.securityfocus.com/bid/92764
Common Vulnerability Exposure (CVE) ID: CVE-2016-7131
BugTraq ID: 92768
http://www.securityfocus.com/bid/92768
Common Vulnerability Exposure (CVE) ID: CVE-2016-7132
BugTraq ID: 92767
http://www.securityfocus.com/bid/92767
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.