PHP CDF File Parsing Denial Of Service Vulnerabilities -01 Jun14 Network Vulnerability

Summary

This host is installed with PHP and is prone to denial of service vulnerabilities.

Impact

Successful exploitation will allow remote attackers to conduct denial of service attacks. Impact Level: Application

Solution

Upgrade to PHP version 5.4.29 or 5.5.13 or later. For updates refer to http://php.net

Insight

The flaw is due to - An error due to an infinite loop within the 'unpack_summary_info' function in src/cdf.c script. - An error within the 'cdf_read_property_info' function in src/cdf.c script.

Affected

PHP version 5.x before 5.4.29 and 5.5.x before 5.5.13

Detection

Get the installed version of PHP with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.com/107559
http://osvdb.com/107560
http://secunia.com/advisories/58804
http://www.php.net/ChangeLog-5.php
https://www.hkcert.org/my_url/en/alert/14060401

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0237, CVE-2014-0238

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
7Media Web Solutions EduTrac Directory Traversal Vulnerability

PHP CDF File Parsing Denial of Service Vulnerabilities -01 Jun14

Take action and discover your vulnerabilities