 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.812520 |
| Category: | Web application abuses |
| Title: | PHP 'PHP-FPM' Denial of Service Vulnerability - Linux |
| Summary: | PHP is prone to a denial of service (DoS) vulnerability. |
| Description: | Summary: PHP is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw exists due to the php-fpm master process restarts a child process in an endless loop when using program execution functions with a non-blocking STDIN stream. Vulnerability Impact: Successfully exploitation will allow an attacker to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. Affected Software/OS: PHP versions 5.x up to and including 5.6.36. All 7.0.x versions, 7.1.x before 7.1.20, 7.2.x before 7.2.8 and 7.3.x before 7.3.0alpha3 on Windows. Solution: Update to PHP 7.1.20, 7.2.8 or 7.3.0alpha3. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-9253 https://bugs.php.net/bug.php?id=70185 https://bugs.php.net/bug.php?id=75968 https://www.futureweb.at/security/CVE-2015-9253/ https://usn.ubuntu.com/3766-1/ https://usn.ubuntu.com/4279-1/ |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |