VID: 22829
Severity: 30
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description: According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.1. It is, therefore, affected by multiple vulnerabilities.

- Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).

- Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).

- Fixed bug #75525 (Access Violation in vcruntime140.dll).

- Fixed bug #74862 (Unable to clone instance when private __clone defined).

- Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).

- Fixed bug #73830 (Directory does not exist).

- Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).

- Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)

- Fixed bug #75608 ("Narrowing occurred during type inference" error).

- Fixed bug #75579 (Interned strings buffer overflow may cause crash).

- Fixed bug #75570 ("Narrowing occurred during type inference" error).

- Fixed bug #75556 (Invalid opcode 138/1/1).

- Fixed bug #74183 (preg_last_error not returning error code after error).

- Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)

- Fixed bug #75511 (fread not free unused buffer).

- Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)

- Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).

- Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).

- Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).

- Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).

- Fixed bug #75540 (Segfault with libzip 1.3.1).

* References :
http://www.php.net/ChangeLog-7.php#7.2.1

* Platforms Affected:
PHP Prior to 7.2.1
Any operating system Any version
Recommendation: Upgrade to the latest version of PHP (7.2.1 or later), available from the PHP web site at http://www.php.net/downloads.php