KLA10514
Multiple vulnerabilities in PHP and plugins
Updated: 17/06/2019
Detection date
30/03/2015
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to inject or execute arbitrary code, bypass security restrictions or cause denial of service.

Below is a complete list of vulnerabilities:

  1. Multiple use-after-free vulnerabilities can be exploited remotely via a specially designed call and input and vectors related to Phar archives renaming and;
  2. Improper pathname truncation can be exploited remotely via specially designed arguments;
  3. Integer overflow vulnerability can be exploited remotely via a specially designed ZIP archive;
  4. An unknown vulnerability can be exploited remotely via a specially designed GIF image or ELF file;
  5. Heap-based buffer overflow can be exploited remotely via vectors related to dictionaries;
  6. Improper string-length handling can be exploited remotely via specially designed files.
Affected products

PHP versions earlier than 5.4.39
PHP 5.5 versions earlier than 5.5.23
PHP 5.6 versions earlier than 5.6.7

Solution

Update to the latest version
Get PHP

Original advisory
PHP changelog
Impact
ACE
DoS
CI
SB
Related products
PHP
CVE IDs
CVE-2015-2787  7.5  Critical
CVE-2015-2348  5.0  Critical
CVE-2015-2331  7.5  Critical
CVE-2015-2301  7.5  Critical
CVE-2015-1351  7.5  Critical
CVE-2015-0273  7.5  Critical
CVE-2014-9709  5.0  Critical
CVE-2014-9705  7.5  Critical
CVE-2014-9653  7.5  Critical
CVE-2014-9652  5.0  Critical