VID | 22740
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.25. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists in the object_common2() function in var_unserializer.c that occurs when handling objects during deserialization.
- An integer overflow condition exists in the php_snmp_parse_oid() function in snmp.c.
- An integer truncation flaw exists in the select_colors() function in gd_topal.c that is triggered when handling the number of colors.
- An overflow condition exists in the sql_regcase() function in ereg.c due to improper handling of overly long strings.
- A NULL pointer dereference flaw exists in the php_wddx_pop_element() function in wddx.c that is triggered during the handling of Base64 binary values.
- An unspecified NULL pointer dereference flaw exists in the php_wddx_pop_element() function in wddx.c.
- An integer overflow condition exists in the php_base64_encode() function in base64.c that occurs when handling overly long strings.
- A NULL pointer dereference flaw exists in the php_wddx_deserialize_ex() function in wddx.c that occurs during the handling of invalid XML content.
- An integer overflow condition exists in the php_quot_print_encode() function in quot_print.c that occurs when handling overly long strings.
- A use-after-free error exists in the unserialize() function in var.c.
- A flaw exists in the php_ftp_fopen_connect() function in ftp_fopen_wrapper.c that allows a man-in-the-middle attacker to silently downgrade to regular FTP even if a secure method has been requested.
- A flaw exists in the php_wddx_process_data() function in wddx.c that occurs when deserializing invalid dateTime values.
- A flaw exists in the exif_process_IFD_in_TIFF() function in exif.c that occurs when handling TIFF image content.
- An integer overflow condition exists in the php_url_encode() function in url.c that occurs when handling overly long strings.
- An integer overflow condition exists in the php_uuencode() function in uuencode.c.
- An integer overflow condition exists in the bzdecompress() function in bz2.c.
- An indexing flaw exists in the imagegammacorrect() function in gd.c that occurs when handling negative gamma values.
- An integer overflow condition exists in the curl_escape() function in interface.c that occurs when handling overly long escaped strings.
- An unspecified flaw exists in session.c that occurs when handling session names.
* Note: This check relied solely on the version number of the remote PHP installation to assess this vulnerability, so this might be a false positive.
* References: http://php.net/ChangeLog-5.php#5.6.25
* Platforms Affected: PHP prior to 5.6.25, any operating system, any version |
Recommendation |
Upgrade to the latest version of PHP (5.6.25 or later), available from the PHP web site at http://www.php.net/downloads.php |