Denial of Service : PHP <= 7.1.5 Multiple DoS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.117799

Categoría: Denial of Service

Título: PHP <= 7.1.5 Multiple DoS Vulnerabilities

Resumen: PHP is prone to multiple denial of service (DoS); vulnerabilities.

Descripción: Summary:
PHP is prone to multiple denial of service (DoS)
vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2017-8923: The zend_string_extend function in Zend/zend_string.h does not prevent changes to
string objects that result in a negative length, which allows remote attackers to cause a denial
of service (application crash) or possibly have unspecified other impact by leveraging a script's
use of .= with a long string.

- CVE-2017-9119: The i_zval_ptr_dtor function in Zend/zend_variables.h allows attackers to cause a
denial of service (memory consumption and application crash) or possibly have unspecified other
impact by triggering crafted operations on array data structures.

Affected Software/OS:
PHP versions through 7.1.5.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-8923
BugTraq ID: 98518
http://www.securityfocus.com/bid/98518
https://bugs.php.net/bug.php?id=74577
Common Vulnerability Exposure (CVE) ID: CVE-2017-9119
BugTraq ID: 98596
http://www.securityfocus.com/bid/98596
https://bugs.php.net/bug.php?id=74593

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.117799
Categoría:	Denial of Service
Título:	PHP <= 7.1.5 Multiple DoS Vulnerabilities
Resumen:	PHP is prone to multiple denial of service (DoS); vulnerabilities.
Descripción:	Summary: PHP is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2017-8923: The zend_string_extend function in Zend/zend_string.h does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. - CVE-2017-9119: The i_zval_ptr_dtor function in Zend/zend_variables.h allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. Affected Software/OS: PHP versions through 7.1.5. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8923 BugTraq ID: 98518 http://www.securityfocus.com/bid/98518 https://bugs.php.net/bug.php?id=74577 Common Vulnerability Exposure (CVE) ID: CVE-2017-9119 BugTraq ID: 98596 http://www.securityfocus.com/bid/98596 https://bugs.php.net/bug.php?id=74593
Copyright	Copyright (C) 2021 Greenbone Networks GmbH