Denial of Service : PHP Multiple Denial of Service Vulnerabilities - 02 (Jan 2017)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.108055

Categoría: Denial of Service

Título: PHP Multiple Denial of Service Vulnerabilities - 02 (Jan 2017) - Windows

Resumen: PHP is prone to multiple denial of service (DoS) vulnerabilities.;; This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows'; (OID: 1.3.6.1.4.1.25623.1.0.108053).

Descripción: Summary:
PHP is prone to multiple denial of service (DoS) vulnerabilities.

This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows'
(OID: 1.3.6.1.4.1.25623.1.0.108053).

Vulnerability Insight:
Multiple flaws are due to

- A integer overflow in the phar_parse_pharfile function in ext/phar/phar.c
via a truncated manifest entry in a PHAR archive.

- A off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c
via a crafted PHAR archive with an alias mismatch.

Vulnerability Impact:
Successfully exploiting this issue allow
remote attackers to cause a denial of service (memory consumption or application crash).

Affected Software/OS:
PHP versions before 5.6.30 and 7.0.x before 7.0.15

Solution:
Update to PHP version 5.6.30, 7.0.15 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-10159
BugTraq ID: 95774
http://www.securityfocus.com/bid/95774
Debian Security Information: DSA-3783 (Google Search)
http://www.debian.org/security/2017/dsa-3783
https://security.gentoo.org/glsa/201702-29
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1037659
Common Vulnerability Exposure (CVE) ID: CVE-2016-10160
BugTraq ID: 95783
http://www.securityfocus.com/bid/95783

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.108055
Categoría:	Denial of Service
Título:	PHP Multiple Denial of Service Vulnerabilities - 02 (Jan 2017) - Windows
Resumen:	PHP is prone to multiple denial of service (DoS) vulnerabilities.;; This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows'; (OID: 1.3.6.1.4.1.25623.1.0.108053).
Descripción:	Summary: PHP is prone to multiple denial of service (DoS) vulnerabilities. This VT has been deprecated and merged into the VT 'PHP Multiple Vulnerabilities (Jan 2017 - 02) - Windows' (OID: 1.3.6.1.4.1.25623.1.0.108053). Vulnerability Insight: Multiple flaws are due to - A integer overflow in the phar_parse_pharfile function in ext/phar/phar.c via a truncated manifest entry in a PHAR archive. - A off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c via a crafted PHAR archive with an alias mismatch. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to cause a denial of service (memory consumption or application crash). Affected Software/OS: PHP versions before 5.6.30 and 7.0.x before 7.0.15 Solution: Update to PHP version 5.6.30, 7.0.15 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10159 BugTraq ID: 95774 http://www.securityfocus.com/bid/95774 Debian Security Information: DSA-3783 (Google Search) http://www.debian.org/security/2017/dsa-3783 https://security.gentoo.org/glsa/201702-29 RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 http://www.securitytracker.com/id/1037659 Common Vulnerability Exposure (CVE) ID: CVE-2016-10160 BugTraq ID: 95783 http://www.securityfocus.com/bid/95783
Copyright	Copyright (C) 2017 Greenbone AG