CVE-2016-6288

CRITICAL
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.

References

http://git.php.net/?p=php-src.git;a=commit;h=629e4da7cc8b174acdeab84969cbfc606a019b31

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://openwall.com/lists/oss-security/2016/07/24/2

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2016-2750.html

http://www.securityfocus.com/bid/92111

http://www.securitytracker.com/id/1036430

https://bugs.php.net/70480

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-07-25

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.5.37 (inclusive)

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
137966EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)NessusHuawei Local Security Checks
critical
132184EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)NessusHuawei Local Security Checks
critical
131592EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)NessusHuawei Local Security Checks
critical
129178EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)NessusHuawei Local Security Checks
critical
119979SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1)NessusSuSE Local Security Checks
critical
9620Mac OS X 10.x < 10.12 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
93856openSUSE Security Update : php5 (openSUSE-2016-1156)NessusSuSE Local Security Checks
critical
93685macOS < 10.12 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
93589SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2328-1)NessusSuSE Local Security Checks
critical
93367SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2210-1)NessusSuSE Local Security Checks
critical
93293SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)NessusSuSE Local Security Checks
critical
92982openSUSE Security Update : php5 (openSUSE-2016-985)NessusSuSE Local Security Checks
critical
9460PHP 5.5.x < 5.5.38 / 5.6.x < 5.6.24 / 7.0.x < 7.0.9 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
92699Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)NessusUbuntu Local Security Checks
critical
92574FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)NessusFreeBSD Local Security Checks
critical
92554PHP 5.5.x < 5.5.38 Multiple Vulnerabilities (httpoxy)NessusCGI abuses
critical