PHP Multiple Vulnerabilities-01 - Feb15 Network Vulnerability

Summary

This host is installed with PHP and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to cause a denial of service or possibly execute arbitrary code via different crafted dimensions. Impact Level: Application

Solution

Upgrade to PHP version 5.4.37 or 5.5.21 or 5.6.5 or later

Insight

Multiple flaws are due to, - Flaw in the 'exif_process_unicode' function in ext/exif/exif.c script when parsing JPEG EXIF entries. - A use-after-free error in the 'process_nested_data' function in ext/standard/var_unserializer.re script.

Affected

PHP versions 5.4.x before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/116020
http://osvdb.org/117467
https://bugs.php.net/bug.php?id=68710
https://bugs.php.net/bug.php?id=68799

Updated on 2015-03-25

Severity

Classification

CVE CVE-2015-0231, CVE-2015-0232

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Admin News Tools Multiple Vulnerabilities
ASP Inline Corporate Calendar SQL injection
ApPHP MicroBlog Remote Code Execution Vulnerability
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
Apache Struts2 Redirection and Security Bypass Vulnerabilities

Take action and discover your vulnerabilities