Test ID: 1.3.6.1.4.1.25623.1.0.809319
Category: Web application abuses
Title: PHP Multiple Vulnerabilities - 02 (Sep 2016) - Linux
Summary: PHP is prone to multiple vulnerabilities.
Description:
Summary:
PHP is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An invalid wddxPacket XML document that is mishandled in a wddx_deserialize
call in 'ext/wddx/wddx.c' script.

- An error in 'php_wddx_pop_element' function in 'ext/wddx/wddx.c' script.

- An error in 'php_wddx_process_data' function in 'ext/wddx/wddx.c' script.

- Improper handling of the case of a thumbnail offset that exceeds the file
size in 'exif_process_IFD_in_TIFF' function in 'ext/exif/exif.c' script.

- Improper validation of gamma values in 'imagegammacorrect' function
in 'ext/gd/gd.c' script.

- Improper validation of number of colors in 'imagegammacorrect' function
in 'ext/gd/gd.c' script.

- The script 'ext/session/session.c' skips invalid session names in a way that
triggers incorrect parsing.

- Improper handling of certain objects in 'ext/standard/var_unserializer.c'
script.

Vulnerability Impact:
Successful exploitation of these issues allows
remote attackers to cause a denial of service, to obtain sensitive information
from process memory, or to inject arbitrary-type session data by leveraging control
of a session name.

Affected Software/OS:
PHP versions prior to 5.6.25 and
7.x before 7.0.10 on Linux

Solution:
Update to PHP version 5.6.25, or 7.0.10,
or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-7124
BugTraq ID: 92756
http://www.securityfocus.com/bid/92756
https://security.gentoo.org/glsa/201611-22
http://openwall.com/lists/oss-security/2016/09/02/9
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securitytracker.com/id/1036680
Common Vulnerability Exposure (CVE) ID: CVE-2016-7125
BugTraq ID: 92552
http://www.securityfocus.com/bid/92552
Common Vulnerability Exposure (CVE) ID: CVE-2016-7126
BugTraq ID: 92755
http://www.securityfocus.com/bid/92755
Common Vulnerability Exposure (CVE) ID: CVE-2016-7127
BugTraq ID: 92757
http://www.securityfocus.com/bid/92757
Common Vulnerability Exposure (CVE) ID: CVE-2016-7128
BugTraq ID: 92564
http://www.securityfocus.com/bid/92564
Common Vulnerability Exposure (CVE) ID: CVE-2016-7129
BugTraq ID: 92758
http://www.securityfocus.com/bid/92758
Common Vulnerability Exposure (CVE) ID: CVE-2016-7130
BugTraq ID: 92764
http://www.securityfocus.com/bid/92764
Common Vulnerability Exposure (CVE) ID: CVE-2016-7131
BugTraq ID: 92768
http://www.securityfocus.com/bid/92768
Common Vulnerability Exposure (CVE) ID: CVE-2016-7132
BugTraq ID: 92767
http://www.securityfocus.com/bid/92767
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.