Denial of Service : PHP Multiple Denial of Service Vulnerabilities - 02 (Jan 2017)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.108055

Kategorie: Denial of Service

Titel: PHP Multiple Denial of Service Vulnerabilities - 02 (Jan 2017) - Windows

Zusammenfassung: PHP is prone to multiple denial of service (DoS) vulnerabilities.;; This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows'; (OID: 1.3.6.1.4.1.25623.1.0.108053).

Beschreibung: Summary:
PHP is prone to multiple denial of service (DoS) vulnerabilities.

This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows'
(OID: 1.3.6.1.4.1.25623.1.0.108053).

Vulnerability Insight:
Multiple flaws are due to

- A integer overflow in the phar_parse_pharfile function in ext/phar/phar.c
via a truncated manifest entry in a PHAR archive.

- A off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c
via a crafted PHAR archive with an alias mismatch.

Vulnerability Impact:
Successfully exploiting this issue allow
remote attackers to cause a denial of service (memory consumption or application crash).

Affected Software/OS:
PHP versions before 5.6.30 and 7.0.x before 7.0.15

Solution:
Update to PHP version 5.6.30, 7.0.15 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-10159
BugTraq ID: 95774
http://www.securityfocus.com/bid/95774
Debian Security Information: DSA-3783 (Google Search)
http://www.debian.org/security/2017/dsa-3783
https://security.gentoo.org/glsa/201702-29
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1037659
Common Vulnerability Exposure (CVE) ID: CVE-2016-10160
BugTraq ID: 95783
http://www.securityfocus.com/bid/95783

Copyright Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.108055
Kategorie:	Denial of Service
Titel:	PHP Multiple Denial of Service Vulnerabilities - 02 (Jan 2017) - Windows
Zusammenfassung:	PHP is prone to multiple denial of service (DoS) vulnerabilities.;; This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows'; (OID: 1.3.6.1.4.1.25623.1.0.108053).
Beschreibung:	Summary: PHP is prone to multiple denial of service (DoS) vulnerabilities. This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows' (OID: 1.3.6.1.4.1.25623.1.0.108053). Vulnerability Insight: Multiple flaws are due to - A integer overflow in the phar_parse_pharfile function in ext/phar/phar.c via a truncated manifest entry in a PHAR archive. - A off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c via a crafted PHAR archive with an alias mismatch. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to cause a denial of service (memory consumption or application crash). Affected Software/OS: PHP versions before 5.6.30 and 7.0.x before 7.0.15 Solution: Update to PHP version 5.6.30, 7.0.15 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10159 BugTraq ID: 95774 http://www.securityfocus.com/bid/95774 Debian Security Information: DSA-3783 (Google Search) http://www.debian.org/security/2017/dsa-3783 https://security.gentoo.org/glsa/201702-29 RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 http://www.securitytracker.com/id/1037659 Common Vulnerability Exposure (CVE) ID: CVE-2016-10160 BugTraq ID: 95783 http://www.securityfocus.com/bid/95783
Copyright	Copyright (C) 2017 Greenbone AG