| VID |
22790 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.19. It is, therefore, affected by the following vulnerabilities :
- A memory allocation issue exists in the zend_string_extend() function in file Zend/zend_string.h when concatenating strings due to a failure to prevent changes to string objects that result in a negative length. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or possibly other unspecified impact. (CVE-2017-8923)
- A memory allocation issue exists in the i_zval_ptr_dtor() function in Zend/zend_variables.h when allocating large amounts of memory. An unauthenticated, remote attacker can exploit this, via crafted operations on array data structures, to cause a denial of service condition. (CVE-2017-9119)
* references :
http://php.net/ChangeLog-7.php#7.0.19 |
| Recommendation |
Upgrade to the latest version of PHP (7.0.19 or later), available from the PHP web site at http://www.php.net/downloads.php |
| Related URL |
CVE-2017-8923,CVE-2017-9119 (CVE) |
| Related URL |
98518,98596 (SecurityFocus) |
| Related URL |
(ISS) |
|
