Test ID:	1.3.6.1.4.1.25623.1.0.804884
Category:	Web application abuses
Title:	PHP 'donate' function Denial of Service Vulnerability (Nov 2014)
Summary:	PHP is prone to a denial of service (DoS) vulnerability.
Description:	Summary: PHP is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an out-of-bounds read error in the 'donote' function in readelf.c script. Vulnerability Impact: Successful exploitation will allow a local attacker to conduct a denial of service attack. Affected Software/OS: PHP versions 5.4.x before 5.4.35, 5.5.x before 5.5.19 and 5.6.x before 5.6.3 Solution: Update to PHP version 5.4.35 or 5.5.19 or 5.6.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3710 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 70807 http://www.securityfocus.com/bid/70807 Debian Security Information: DSA-3072 (Google Search) http://www.debian.org/security/2014/dsa-3072 FreeBSD Security Advisory: FreeBSD-SA-14:28 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc https://security.gentoo.org/glsa/201503-03 https://security.gentoo.org/glsa/201701-42 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html RedHat Security Advisories: RHSA-2014:1767 http://rhn.redhat.com/errata/RHSA-2014-1767.html RedHat Security Advisories: RHSA-2014:1768 http://rhn.redhat.com/errata/RHSA-2014-1768.html RedHat Security Advisories: RHSA-2016:0760 http://rhn.redhat.com/errata/RHSA-2016-0760.html http://www.securitytracker.com/id/1031344 http://secunia.com/advisories/60630 http://secunia.com/advisories/60699 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://secunia.com/advisories/61982 http://secunia.com/advisories/62347 http://secunia.com/advisories/62559 SuSE Security Announcement: openSUSE-SU-2014:1516 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html http://www.ubuntu.com/usn/USN-2391-1 http://www.ubuntu.com/usn/USN-2494-1
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.