VID | 22907 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | WWW |
Detailed Description |
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.7. It is, therefore, affected by multiple vulnerabilities:
- A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue exists due to an incomplete fix for CVE-2014-8142. (Bug 68594 / CVE-2015-0231)
- A heap-based buffer overflow error exists in function 'regcomp' in the Henry Spencer regex library due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service or to execute arbitrary code. (Bug 69248 / CVE-2015-2305)
- An integer overflow error exists in the '_zip_cdir_new' function, due to improper validation of user-supplied input. An attacker, using a crafted ZIP archive, can exploit this to cause a denial of service or to execute arbitrary code. (Bug 69253 / CVE-2015-2331)
- A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (Bug 69207 / CVE-2015-2348)
- A use-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (Bug 68976 / CVE-2015-2787)
- A type confusion flaw exists in the __call() method and do_soap_call() function in SoapClient that is triggered when handling arrays. This may allow a remote attacker to execute arbitrary code. (CVE-2015-4147, CVE-2015-4148)
* References:
  https://bugs.php.net/bug.php?id=68594
  https://bugs.php.net/bug.php?id=69248
  https://bugs.php.net/bug.php?id=69253
  https://bugs.php.net/bug.php?id=69207
  https://bugs.php.net/bug.php?id=68976
  http://www.php.net/ChangeLog-5.php#5.6.7
* Platforms Affected: PHP prior to 5.6.7; any operating system, any version |
Recommendation |
Upgrade to the latest version of PHP (5.6.7 or later), available from the PHP web site at http://www.php.net/downloads.php |
Related URL |
CVE-2015-0231,CVE-2015-2787,CVE-2015-2305,CVE-2015-2331,CVE-2015-2348,CVE-2015-4147,CVE-2015-4148 (CVE) |
Related URL |
72539,73182,73357,73381,73383,73385,73431,73434,75103 (SecurityFocus) |