Test ID:	1.3.6.1.4.1.25623.1.0.813519
Category:	Web application abuses
Title:	QNAP QTS Multiple PHP Vulnerabilities-June18
Summary:	QNAP QTS is prone to multiple vulnerabilities.
Description:	Summary: QNAP QTS is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to - - The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the multiple patterns with named subgroups. - An error in the date extension's 'timelib_meridian' handling of 'front of' and 'back of' directives. - An input validation error on the PHAR 404 error page via the URI of a request for a .phar file. - An integer signedness error in gd_gif_in.c in the GD Graphics Library (aka libgd). Vulnerability Impact: Successful exploitation will allow remote attackers to access sensitive information on the NAS, launch denial-of-service (DoS), or Cross-Site-Scripting (XSS) attacks. Affected Software/OS: QNAP QTS versions 4.3.3 build 20180126 and earlier, 4.3.4 build 20180215 and earlier. Solution: Upgrade to QNAP QTS 4.3.3 build 20180402 or 4.3.4 build 20180315 or later. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1283 BugTraq ID: 79825 http://www.securityfocus.com/bid/79825 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html https://security.gentoo.org/glsa/201607-02 RedHat Security Advisories: RHSA-2016:1132 https://access.redhat.com/errata/RHSA-2016:1132 http://www.securitytracker.com/id/1034555 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110 Common Vulnerability Exposure (CVE) ID: CVE-2018-5711 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/ https://security.gentoo.org/glsa/201903-18 https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 RedHat Security Advisories: RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:2519 https://usn.ubuntu.com/3755-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5712 BugTraq ID: 102742 http://www.securityfocus.com/bid/102742 BugTraq ID: 104020 http://www.securityfocus.com/bid/104020 https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html http://www.securitytracker.com/id/1040363 https://usn.ubuntu.com/3566-1/ https://usn.ubuntu.com/3600-1/ https://usn.ubuntu.com/3600-2/
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.