VID 22938
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description
According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.15. It is, therefore, affected by multiple vulnerabilities.

- A heap-based buffer overflow condition exists in the phar_extract_file() function due to incorrect loop termination. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2020-7061)

- A denial of service (DoS) vulnerability exists in the PHP session upload progress functions due to a null pointer dereference. An unauthenticated, remote attacker can exploit this issue to cause the PHP service to stop responding. (CVE-2020-7062)

- An insecure file permissions issue in the buildFromIterator function gives all access permissions to tar files. (CVE-2020-7063)

* References:
http://php.net/ChangeLog-7.php#7.3.15

* Platforms Affected:
PHP prior to 7.3.15
Any operating system, any version
Recommendation
Upgrade to the latest version of PHP (7.3.15 or later), available from the PHP web site at http://www.php.net/downloads.php
Related URL CVE-2020-7061, CVE-2020-7062, CVE-2020-7063 (CVE)