Test ID:	1.3.6.1.4.1.25623.1.0.117799
Category:	Denial of Service
Title:	PHP <= 7.1.5 Multiple DoS Vulnerabilities
Summary:	PHP is prone to multiple denial of service (DoS); vulnerabilities.
Description:	Summary: PHP is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2017-8923: The zend_string_extend function in Zend/zend_string.h does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. - CVE-2017-9119: The i_zval_ptr_dtor function in Zend/zend_variables.h allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. Affected Software/OS: PHP versions through 7.1.5. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-8923 BugTraq ID: 98518 http://www.securityfocus.com/bid/98518 https://bugs.php.net/bug.php?id=74577 Common Vulnerability Exposure (CVE) ID: CVE-2017-9119 BugTraq ID: 98596 http://www.securityfocus.com/bid/98596 https://bugs.php.net/bug.php?id=74593
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.