VID |
22924 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.30. It is, therefore, affected by the following vulnerabilities: - An uninitialized vulnerability exists in gdImageCreateFromXbm due to sscanf method not being able to read a hex value. An attacker may be able exploit this issue, to cause the disclose of sensitive information. (CVE-2019-11038) - An out of bounds read vulnerability exists in iconv.c:_php_iconv_mime_decode() due to integer overflow. An attacker may be able exploit this issue, to cause the disclose of sensitive information. (CVE-2019-11039) - A heap-based buffer overflow condition exists on php_jpg_get16. An attacker can exploit this, to cause a denial of service condition or the execution of arbitrary code. (CVE-2019-11040)
* References: http://php.net/ChangeLog-7.php#7.1.30
* Platforms Affected: PHP Prior to 7.1.30 Any operating system Any version |
Recommendation |
Upgrade to the latest version of PHP (7.1.30 or later), available from the PHP web site at http://www.php.net/downloads.php |
Related URL |
CVE-2019-11038,CVE-2019-11039,CVE-2019-11040 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|