VID | 22828 |
Severity | 30 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description |
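According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.13. It is, therefore, affected by multiple vulnerabilities. The 7.1.13 changelog lists the following fixes, two of which carry CVE identifiers (CVE-2018-5711 and CVE-2018-5712):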
- Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
- Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
- Fixed bug #74862 (Unable to clone instance when private __clone defined).
- Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
- Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
- Fixed bug #73830 (Directory does not exist).
- Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
- Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
- Fixed bug #75608 ("Narrowing occurred during type inference" error).
- Fixed bug #75579 (Interned strings buffer overflow may cause crash).
- Fixed bug #75570 ("Narrowing occurred during type inference" error).
- Fixed bug #74183 (preg_last_error not returning error code after error).
- Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
- Fixed bug #75511 (fread not free unused buffer).
- Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
- Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
- Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
- Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
- Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
- Fixed bug #75540 (Segfault with libzip 1.3.1).
* References: http://www.php.net/ChangeLog-7.php#7.1.13
* Platforms Affected: PHP prior to 7.1.13; any operating system; any version |
Recommendation |
Upgrade to the latest version of PHP (7.1.13 or later), available from the PHP web site at http://www.php.net/downloads.php |