Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.120450
Category:Amazon Linux Local Security Checks
Title:Amazon Linux: Security Advisory (ALAS-2015-464)
Summary:The remote host is missing an update announced via the referenced Security Advisory.
Description:Summary:
The remote host is missing an update announced via the referenced Security Advisory.

Vulnerability Insight:
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 .

Solution:
Run yum update php55 to update your system.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-8142
BugTraq ID: 71791
http://www.securityfocus.com/bid/71791
Debian Security Information: DSA-3117 (Google Search)
http://www.debian.org/security/2014/dsa-3117
https://security.gentoo.org/glsa/201503-03
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: SSRT102066
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
Common Vulnerability Exposure (CVE) ID: CVE-2004-1019
Bugtraq: 20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 (Google Search)
http://marc.info/?l=bugtraq&m=110314318531298&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2344
HPdes Security Advisory: HPSBMA01212
http://www.securityfocus.com/advisories/9028
http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
http://www.hardened-php.net/advisories/012004.txt
http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511
http://www.redhat.com/support/errata/RHSA-2004-687.html
http://www.redhat.com/support/errata/RHSA-2005-032.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
SuSE Security Announcement: SUSE-SA:2005:002 (Google Search)
http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html
XForce ISS Database: php-unserialize-code-execution(18514)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18514
CopyrightCopyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.