KLA10515
Multiple vulnerabilities in PHP and extensions

Updated: 03/06/2020
Date of detection
30/03/2015
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in PHP and extensions. Malicious users can exploit these vulnerabilities to cause denial of service or inject code.

Below is a complete list of vulnerabilities:

  1. Multiple integer overflows can be exploited remotely via a specially designed year value;
  2. Lack of token validation can be exploited remotely via a specially designed name;
  3. Improper storage of the tmp directory address can be exploited locally via file manipulations.
Affected products

PHP versions 5.6.7 and possibly earlier
PHP extensions calendar and pgsql

Solution

These vulnerabilities are not mitigated by the vendor. You can protect yourself by disabling some functionality.

Impact
ACE
DoS
CI
SB
Related products
PHP
CVE-IDS
CVE-2015-2331: 7.5 (Critical)
CVE-2015-0231: 7.5 (Critical)
CVE-2015-2305: 6.8 (High)