CVE-2016-6296

HIGH

Description

Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.

ID	Name	Product	Family	Severity
98855	PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)	Web Application Scanning	Component Vulnerability	critical
98814	PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)	Web Application Scanning	Component Vulnerability	high
119981	SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)	Nessus	SuSE Local Security Checks	high
119979	SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1)	Nessus	SuSE Local Security Checks	high
99915	EulerOS 2.0 SP2 : php (EulerOS-SA-2017-1068)	Nessus	Huawei Local Security Checks	high
99914	EulerOS 2.0 SP1 : php (EulerOS-SA-2017-1067)	Nessus	Huawei Local Security Checks	high
95421	GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)	Nessus	Gentoo Local Security Checks	high
9620	Mac OS X 10.x < 10.12 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
93856	openSUSE Security Update : php5 (openSUSE-2016-1156)	Nessus	SuSE Local Security Checks	high
93685	macOS < 10.12 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
93589	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2328-1)	Nessus	SuSE Local Security Checks	high
93568	Debian DLA-628-1 : php5 security update	Nessus	Debian Local Security Checks	high
93367	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2210-1)	Nessus	SuSE Local Security Checks	high
93293	SUSE SLES11 Security Update : php5 (SUSE-SU-2016:2080-1)	Nessus	SuSE Local Security Checks	high
92982	openSUSE Security Update : php5 (openSUSE-2016-985)	Nessus	SuSE Local Security Checks	high
92868	Ubuntu 16.04 LTS : xmlrpc-epi vulnerability (USN-3059-1)	Nessus	Ubuntu Local Security Checks	high
9460	PHP 5.5.x < 5.5.38 / 5.6.x < 5.6.24 / 7.0.x < 7.0.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
92699	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)	Nessus	Ubuntu Local Security Checks	high
92633	Debian DLA-569-1 : xmlrpc-epi security update	Nessus	Debian Local Security Checks	high
92574	FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)	Nessus	FreeBSD Local Security Checks	high
92573	Debian DSA-3631-1 : php5 - security update (httpoxy)	Nessus	Debian Local Security Checks	high
92556	PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)	Nessus	CGI abuses	critical
92555	PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)	Nessus	CGI abuses	high
92554	PHP 5.5.x < 5.5.38 Multiple Vulnerabilities (httpoxy)	Nessus	CGI abuses	high

CVE-2016-6296

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0