Korean

<< Back VID 22965 Severity 30 Port 80, ... Protocol TCP Class CGI Detailed Description The version of PHP installed on the remote host is 7.4.x prior to 7.4.13. It is, therefore, affected by multiple vulnerabilities as specified by the changelogs of the respective fixed releases. - Core: Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date). Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors). - COM: Fixed bug #62474 (com_event_sink crashes on certain arguments). - DOM: Fixed bug #80268 (loadHTML() truncates at NUL bytes). - IMAP: Fixed bug #64076 (imap_sort() does not return FALSE on failure). Fixed bug #76618 (segfault on imap_reopen). Fixed bug #80239 (imap_rfc822_write_address() leaks memory). Fixed minor regression caused by fixing bug #80220. Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822). - Intl: Fixed bug #80310 (ext-intl with icu4c 68.1: use of undeclared identifier 'TRUE'). - ODBC: Fixed bug #44618 (Fetching may rely on uninitialized data). - SNMP: Fixed bug #70461 (disable md5 code when it is not supported in net-snmp). - Standard: Fixed bug #80266 (parse_url silently drops port number 0). - FFI: Fixed bug #79177 (FFI doesn't handle well PHP exceptions within callback). - MySQLi: Fixed bug #79375 (mysqli_store_result does not report error from lock wait timeout). Fixed bug #76525 (mysqli::commit does not throw if MYSQLI_REPORT_ERROR enabled and mysqlnd used). Fixed bug #72413 (mysqlnd segfault (fetch_row second parameter typemismatch)). - Opcache: Fixed bug #79643 (PHP with Opcache crashes when a file with specific name is included). Fixed run-time binding of preloaded dynamically declared function. - OpenSSL: Fixed bug #79983 (openssl_encrypt / openssl_decrypt fail with OCB mode). - PDO MySQL: Fixed bug #66528 (No PDOException or errorCode if database becomes unavailable before PDO::commit). Fixed bug #65825 (PDOStatement::fetch() does not throw exception on broken server connection). * References: https://www.php.net/ChangeLog-7.php#7.4.13 * Platforms Affected: PHP Prior to 7.4.13 Any operating system Any version Recommendation Upgrade to the latest version of PHP (7.4.13 or later), available from the PHP web site at http://www.php.net/downloads.php Related URL (CVE) Related URL (SecurityFocus) Related URL (ISS)