Test ID:	1.3.6.1.4.1.25623.1.0.805409
Category:	Web application abuses
Title:	PHP Multiple Vulnerabilities - 01 (Jan 2015)
Summary:	PHP is prone to multiple vulnerabilities.
Description:	Summary: PHP is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly. - Integer overflow in the object_custom function in ext/standard/var _unserializer.c in PHP. - Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP. Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial of service or possibly execute arbitrary code via different crafted dimensions. Affected Software/OS: PHP versions 5.4.x before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 Solution: Update to PHP version 5.4.34 or 5.5.18 or 5.6.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3670 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BugTraq ID: 70665 http://www.securityfocus.com/bid/70665 Debian Security Information: DSA-3064 (Google Search) http://www.debian.org/security/2014/dsa-3064 RedHat Security Advisories: RHSA-2014:1765 http://rhn.redhat.com/errata/RHSA-2014-1765.html RedHat Security Advisories: RHSA-2014:1766 http://rhn.redhat.com/errata/RHSA-2014-1766.html RedHat Security Advisories: RHSA-2014:1767 http://rhn.redhat.com/errata/RHSA-2014-1767.html RedHat Security Advisories: RHSA-2014:1768 http://rhn.redhat.com/errata/RHSA-2014-1768.html RedHat Security Advisories: RHSA-2014:1824 http://rhn.redhat.com/errata/RHSA-2014-1824.html http://secunia.com/advisories/59967 http://secunia.com/advisories/60630 http://secunia.com/advisories/60699 http://secunia.com/advisories/61763 http://secunia.com/advisories/61970 http://secunia.com/advisories/61982 SuSE Security Announcement: openSUSE-SU-2014:1377 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html SuSE Security Announcement: openSUSE-SU-2014:1391 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html SuSE Security Announcement: openSUSE-SU-2015:0014 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html http://www.ubuntu.com/usn/USN-2391-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3669 BugTraq ID: 70611 http://www.securityfocus.com/bid/70611 Common Vulnerability Exposure (CVE) ID: CVE-2014-3668 BugTraq ID: 70666 http://www.securityfocus.com/bid/70666
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.