PHP Multiple Vulnerabilities
Last Update Date: 2 Jun 2015 09:50
Release Date: 2 Jun 2015
RISK: Medium Risk
TYPE: Web services - Web Servers
Multiple vulnerabilities were identified in PHP. A remote user can bypass security controls, cause denial of service conditions, and execute arbitrary code on the target system.
- The set_include_path(), tempnam(), rmdir(), and readlink() functions accept a NUL byte ('\0') in a path. A remote user may be able to supply a specially crafted value to bypass security controls based on path values.
- A remote user can send a specially crafted request to trigger a flaw in the parsing of multipart HTTP POST requests to consume excessive CPU resources on the target system.
- A remote user can create a specially crafted Phar archive that, when processed by the target application, will trigger an integer underflow in phar_parse_tarfile() and cause the application to potentially execute arbitrary code.
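For the first item above (a NUL byte in a path), the following added example, which is not code from the advisory or from PHP, shows why path-based checks fail: a script string is length-counted, while C path APIs stop at the first NUL, so the two see different paths. The struct, function names and sample paths are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length-counted string, as a script value carries it: NUL is ordinary data. */
typedef struct { const char *buf; size_t len; } counted_str;

/* Constructed sample inputs (sizeof - 1 keeps the bytes after the NUL). */
static const char CLEAN[] = "reports/summary.txt";
static const char WITH_NUL[] = "reports/private.db\0.txt";
counted_str sample_clean(void) { return (counted_str){ CLEAN, sizeof CLEAN - 1 }; }
counted_str sample_nul(void) { return (counted_str){ WITH_NUL, sizeof WITH_NUL - 1 }; }

/* Policy check on the counted string: the path must end in `suffix`. */
bool has_suffix(counted_str s, const char *suffix) {
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.buf + s.len - n, suffix, n) == 0;
}

/* Length of the path a NUL-terminated API (rmdir, readlink, ...) acts on. */
size_t c_api_len(counted_str s) {
    const char *nul = memchr(s.buf, '\0', s.len);
    return nul ? (size_t)(nul - s.buf) : s.len;
}

/* Guard: the two views of the path disagree only if a NUL is embedded. */
bool path_has_embedded_nul(counted_str s) {
    return c_api_len(s) != s.len;
}

/* Hardened policy: reject embedded NULs first, then apply the suffix rule. */
bool path_allowed(counted_str s, const char *suffix) {
    return !path_has_embedded_nul(s) && has_suffix(s, suffix);
}

int main(void) {
    counted_str s = sample_nul();
    printf("suffix check sees %zu bytes, ends in .txt: %d\n", s.len, has_suffix(s, ".txt"));
    printf("C path API sees   %zu bytes: %s\n", c_api_len(s), s.buf);
    printf("allowed after NUL check: %d\n", path_allowed(s, ".txt"));
    return 0;
}
```

Applications that cannot upgrade immediately can apply the same rule in their own input validation: refuse any path value containing a NUL byte before it reaches a filesystem function.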
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- PHP versions prior to 5.4.41, 5.5.25 and 5.6.9
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued a fix (5.4.41, 5.5.25, 5.6.9).
Vulnerability Identifier
Source
Related Link