VID: 22827
Severity: 30
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description:
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by multiple vulnerabilities.
- Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
- Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
- Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
- Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
- Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
- Fixed bug #75579 (Interned strings buffer overflow may cause crash).
- Fixed bug #74183 (preg_last_error not returning error code after error).
- Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
- Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
- Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
- Fixed bug #75540 (Segfault with libzip 1.3.1).
* References : http://www.php.net/ChangeLog-7.php#7.0.27
* Platforms Affected: PHP prior to 7.0.27, any operating system, any version
Recommendation:
Upgrade to the latest version of PHP (7.0.27 or later), available from the PHP web site at http://www.php.net/downloads.php