Denial of Service : PHP Zend and GD Multiple Denial of Service Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801586

Categoría: Denial of Service

Título: PHP Zend and GD Multiple Denial of Service Vulnerabilities

Resumen: PHP is prone to multiple denial of service vulnerabilities.

Descripción: Summary:
PHP is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- An use-after-free error in the 'Zend' engine, which allows remote attackers
to cause a denial of service.

- A stack-based buffer overflow in the 'GD' extension, which allows attackers
to cause a denial of service.

Vulnerability Impact:
Successful exploitation could allow local attackers to crash the affected
application, denying service to legitimate users.

Affected Software/OS:
PHP version prior to 5.2.15 and 5.3.x before 5.3.4

Solution:
Update to PHP 5.3.5 or later

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4697
BugTraq ID: 45952
http://www.securityfocus.com/bid/45952
HPdes Security Advisory: HPSBOV02763
http://marc.info/?l=bugtraq&m=133469208622507&w=2
HPdes Security Advisory: SSRT100826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12528
XForce ISS Database: php-zendengine-code-execution(65310)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65310
Common Vulnerability Exposure (CVE) ID: CVE-2010-4698
BugTraq ID: 45338
http://www.securityfocus.com/bid/45338
http://seclists.org/fulldisclosure/2010/Dec/180
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11939

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801586
Categoría:	Denial of Service
Título:	PHP Zend and GD Multiple Denial of Service Vulnerabilities
Resumen:	PHP is prone to multiple denial of service vulnerabilities.
Descripción:	Summary: PHP is prone to multiple denial of service vulnerabilities. Vulnerability Insight: The flaws are due to: - An use-after-free error in the 'Zend' engine, which allows remote attackers to cause a denial of service. - A stack-based buffer overflow in the 'GD' extension, which allows attackers to cause a denial of service. Vulnerability Impact: Successful exploitation could allow local attackers to crash the affected application, denying service to legitimate users. Affected Software/OS: PHP version prior to 5.2.15 and 5.3.x before 5.3.4 Solution: Update to PHP 5.3.5 or later CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4697 BugTraq ID: 45952 http://www.securityfocus.com/bid/45952 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12528 XForce ISS Database: php-zendengine-code-execution(65310) https://exchange.xforce.ibmcloud.com/vulnerabilities/65310 Common Vulnerability Exposure (CVE) ID: CVE-2010-4698 BugTraq ID: 45338 http://www.securityfocus.com/bid/45338 http://seclists.org/fulldisclosure/2010/Dec/180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11939
Copyright	Copyright (C) 2011 Greenbone Networks GmbH