[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl

RHSA-2016:2750

http://www.php.net/ChangeLog-5.php

http://www.php.net/ChangeLog-7.php

92755

1036680

https://bugs.php.net/bug.php?id=72697

https://github.com/php/php-src/commit/28022c9b1fd937436ab67bb3d61f652c108baf96

https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1

GLSA-201611-22

https://www.tenable.com/security/tns-2016-19

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.10. It is, therefore, affected by multiple vulnerabilities :

 - An overflow condition exists in the curl_escape() function in interface.c due to improper handling of overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

 - An integer overflow condition exists in the zend_mm_realloc_heap() function in zend_alloc.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.

Note that this software is reportedly affected by other vulnerabilities as well that have not been fixed yet in version 7.0.13.

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.25. It is, therefore, affected by multiple vulnerabilities :

 - An unspecified flaw exists in the object_common2() function in var_unserializer.c that occurs when handling objects during deserializaiton. An unauthenticated, remote attacker can exploit this to execute arbitrary code.

 - An integer overflow condition exists in the php_snmp_parse_oid() function in snmp.c. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.

 - An integer truncation flaw exists in the select_colors() function in gd_topal.c that is triggered when handling the number of colors. An unauthenticated, remote attacker can exploit to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.

 - An overflow condition exists in the sql_regcase() function in ereg.c due to improper handling of overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.

 - A NULL pointer dereference flaw exists in the php_wddx_pop_element() function in wddx.c that is triggered during the handling of Base64 binary values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - An unspecified NULL pointer dereference flaw exists in the php_wddx_pop_element() function in wddx.c. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - An integer overflow condition exists in the php_base64_encode() function in base64.c that occurs when handling overly long strings. An unauthenticated, remote attacker can exploit this to execute arbitrary code.

 - A NULL pointer dereference flaw exists in the php_wddx_deserialize_ex() function in wddx.c that occurs during the handling of invalid XML content. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - An integer overflow condition exists in the php_quot_print_encode() function in quot_print.c that occurs when handling overly long strings. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow condition, resulting in the execution of arbitrary code.

 - A use-after-free error exists in the unserialize() function in var.c. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.

 - A flaw exists in the php_ftp_fopen_connect() function in ftp_fopen_wrapper.c that allows a man-in-the-middle attacker to silently downgrade to regular FTP even if a secure method has been requested.

 - A flaw exists in the php_wddx_process_data() function in wddx.c that occurs when deserializing invalid dateTime values. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.

 - A flaw exists in the exif_process_IFD_in_TIFF() function in exif.c that occurs when handling TIFF image content. An unauthenticated, remote attacker can exploit this to disclose memory contents.

 - An integer overflow condition exists in the php_url_encode() function in url.c that occurs when handling overly long strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.

 - An integer overflow condition exists in the php_uuencode() function in uuencode.c. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.

 - An integer overflow condition exists in the bzdecompress() function in bz2.c. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.

 - An indexing flaw exists in the imagegammacorrect() function in gd.c that occurs when handling negative gamma values. An unauthenticated, remote attacker can exploit this to write a NULL to an arbitrary memory location, resulting in a denial of service condition or the execution of arbitrary code.

 - An integer overflow condition exists in the curl_escape() function in interface.c that occurs when handling overly long escaped strings. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code.

 - An unspecified flaw exists in session.c that occurs when handling session names. An unauthenticated, remote attacker can exploit this to inject arbitrary data into sessions.

Note that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

This update for php7 fixes the following security issues :

  - CVE-2016-6128: Invalid color index not properly handled     [bsc#987580]

  - CVE-2016-6161: global out of bounds read when encoding     gif from malformed input withgd2togif [bsc#988032]

  - CVE-2016-6292: NULL pointer dereference in     exif_process_user_comment [bsc#991422]

  - CVE-2016-6295: Use after free in SNMP with GC and     unserialize() [bsc#991424]

  - CVE-2016-6297: Stack-based buffer overflow vulnerability     in php_stream_zip_opener [bsc#991426]

  - CVE-2016-6291: Out-of-bounds access in     exif_process_IFD_in_MAKERNOTE [bsc#991427]

  - CVE-2016-6289: Integer overflow leads to buffer overflow     in virtual_file_ex [bsc#991428]

  - CVE-2016-6290: Use after free in unserialize() with     Unexpected Session Deserialization [bsc#991429]

  - CVE-2016-5399: Improper error handling in bzread()     [bsc#991430]

  - CVE-2016-6296: Heap buffer overflow vulnerability in     simplestring_addn in simplestring.c [bsc#991437]

  - CVE-2016-6207: Integer overflow error within
    _gdContributionsAlloc() [bsc#991434]

  - CVE-2016-4473: Invalid free() instead of efree() in     phar_extract_file()

  - CVE-2016-7124: Create an Unexpected Object and Don't     Invoke __wakeup() in Deserialization

  - CVE-2016-7125: PHP Session Data Injection Vulnerability

  - CVE-2016-7126: select_colors write out-of-bounds

  - CVE-2016-7127: imagegammacorrect allowed arbitrary write     access

  - CVE-2016-7128: Memory Leakage In     exif_process_IFD_in_TIFF

  - CVE-2016-7129: wddx_deserialize allowed illegal memory     access

  - CVE-2016-7131: wddx_deserialize null dereference with     invalid xml

  - CVE-2016-7132: wddx_deserialize null dereference in     php_wddx_pop_element

  - CVE-2016-7133: memory allocator fails to realloc small     block to large one

  - CVE-2016-7134: Heap overflow in the function curl_escape

  - CVE-2016-7130: wddx_deserialize null dereference

  - CVE-2016-7413: Use after free in wddx_deserialize

  - CVE-2016-7412: Heap overflow in mysqlnd when not     receiving UNSIGNED_FLAG in BIT field

  - CVE-2016-7417: Missing type check when unserializing     SplArray

  - CVE-2016-7416: Stack based buffer overflow in     msgfmt_format_message

  - CVE-2016-7418: NULL pointer dereference in     php_wddx_push_element

  - CVE-2016-7414: Out of bounds heap read when verifying     signature of zip phar in phar_parse_zipfile

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for php5 fixes the following security issues :

  - CVE-2016-6128: Invalid color index not properly handled     [bsc#987580]

  - CVE-2016-6161: global out of bounds read when encoding     gif from malformed input withgd2togif [bsc#988032]

  - CVE-2016-6292: NULL pointer dereference in     exif_process_user_comment [bsc#991422]

  - CVE-2016-6295: Use after free in SNMP with GC and     unserialize() [bsc#991424]

  - CVE-2016-6297: Stack-based buffer overflow vulnerability     in php_stream_zip_opener [bsc#991426]

  - CVE-2016-6291: Out-of-bounds access in     exif_process_IFD_in_MAKERNOTE [bsc#991427]

  - CVE-2016-6289: Integer overflow leads to buffer overflow     in virtual_file_ex [bsc#991428]

  - CVE-2016-6290: Use after free in unserialize() with     Unexpected Session Deserialization [bsc#991429]

  - CVE-2016-5399: Improper error handling in bzread()     [bsc#991430]

  - CVE-2016-6296: Heap buffer overflow vulnerability in     simplestring_addn in simplestring.c [bsc#991437]

  - CVE-2016-6207: Integer overflow error within
    _gdContributionsAlloc() [bsc#991434]

  - CVE-2014-3587: Integer overflow in the     cdf_read_property_info affecting SLES11 SP3 [bsc#987530]

  - CVE-2016-6288: Buffer over-read in php_url_parse_ex     [bsc#991433]

  - CVE-2016-7124: Create an Unexpected Object and Don't     Invoke __wakeup() in Deserialization

  - CVE-2016-7125: PHP Session Data Injection Vulnerability

  - CVE-2016-7126: select_colors write out-of-bounds

  - CVE-2016-7127: imagegammacorrect allowed arbitrary write     access

  - CVE-2016-7128: Memory Leakage In     exif_process_IFD_in_TIFF

  - CVE-2016-7129: wddx_deserialize allowed illegal memory     access

  - CVE-2016-7130: wddx_deserialize null dereference

  - CVE-2016-7131: wddx_deserialize null dereference with     invalid xml

  - CVE-2016-7132: wddx_deserialize null dereference in     php_wddx_pop_element

  - CVE-2016-7134: Heap overflow in the function curl_escape

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP :

  - An unspecified flaw exists in the object_common2()     function in var_unserializer.c that occurs when handling     objects during deserialization. An unauthenticated,     remote attacker can exploit this to execute arbitrary     code. (CVE-2016-7124)

  - An unspecified flaw exists in session.c that occurs     when handling session names. An unauthenticated, remote     attacker can exploit this to inject arbitrary data into     sessions. (CVE-2016-7125)

  - An integer truncation flaw exists in the select_colors()     function in gd_topal.c that is triggered when handling     the number of colors. An unauthenticated, remote     attacker can exploit to cause a heap-based buffer     overflow, resulting in the execution of arbitrary code.
    (CVE-2016-7126)

  - An indexing flaw exists in the imagegammacorrect()     function in gd.c that occurs when handling negative     gamma values. An unauthenticated, remote attacker can     exploit this to write a NULL to an arbitrary memory     location, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2016-7127)

  - A flaw exists in the exif_process_IFD_in_TIFF() function     in exif.c that occurs when handling TIFF image content.
    An unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2016-7128)

  - A flaw exists in the php_wddx_process_data() function in     wddx.c that occurs when deserializing invalid dateTime     values. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition.
    (CVE-2016-7129)

  - A NULL pointer dereference flaw exists in the     php_wddx_pop_element() function in wddx.c that is     triggered during the handling of Base64 binary values.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7130)

  - A NULL pointer dereference flaw exists in the     php_wddx_deserialize_ex() function in wddx.c that occurs     during the handling of invalid XML content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7131)

  - An unspecified NULL pointer dereference flaw exists in     the php_wddx_pop_element() function in wddx.c. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. CVE-2016-7132)

  - An integer overflow condition exists in the     php_snmp_parse_oid() function in snmp.c. An     unauthenticated, remote attacker can exploit this to     cause a heap-based buffer overflow, resulting in the     execution of arbitrary code.

  - An overflow condition exists in the sql_regcase()     function in ereg.c due to improper handling of overly     long strings. An unauthenticated, remote attacker     can exploit this to corrupt memory, resulting in the     execution of arbitrary code.

  - An integer overflow condition exists in the     php_base64_encode() function in base64.c that occurs     when handling overly long strings. An unauthenticated,     remote attacker can exploit this to execute arbitrary     code.

  - An integer overflow condition exists in the     php_quot_print_encode() function in quot_print.c that     occurs when handling overly long strings. An     unauthenticated, remote attacker can exploit this to     cause a heap-based buffer overflow condition, resulting     in the execution of arbitrary code.

  - A use-after-free error exists in the unserialize()     function in var.c. An unauthenticated, remote attacker     can exploit this to dereference already freed memory,     resulting in the execution of arbitrary code.

  - A flaw exists in the php_ftp_fopen_connect() function in     ftp_fopen_wrapper.c that allows a man-in-the-middle     attacker to silently downgrade to regular FTP even if a     secure method has been requested.

  - An integer overflow condition exists in the     php_url_encode() function in url.c that occurs when     handling overly long strings. An unauthenticated, remote     attacker can exploit this to corrupt memory, resulting     in the execution of arbitrary code.

  - An integer overflow condition exists in the     php_uuencode() function in uuencode.c. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code.

  - An integer overflow condition exists in the     bzdecompress() function in bz2.c. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in the execution of arbitrary code.

  - An integer overflow condition exists in the     curl_escape() function in interface.c that occurs when     handling overly long escaped strings. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists in x509_vfy.c     due to improper handling of certificate revocation lists     (CRLs). An unauthenticated, remote attacker can exploit     this, via a specially crafted CRL, to cause a NULL     pointer dereference, resulting in a crash of the     service. (CVE-2016-7052)

  - A cross-site scripting (XSS) vulnerability exists within     the JQuery UI dialog() function due to improper     validation of input to the 'closeText' parameter before     returning it to users. An unauthenticated, remote     attacker can exploit this, via a specially crafted     request, to execute arbitrary script code in a user's     browser session. (CVE-2016-7103)

  - A denial of service vulnerability exists in PHP within     file ext/standard/var_unserializer.c due to improper     handling of certain invalid objects. An unauthenticated,     remote attacker can exploit this, via specially crafted     serialized data that leads to a __destruct() or magic()     function call, to cause a denial of service condition or     potentially execute arbitrary code. (CVE-2016-7124)

  - A flaw exists in PHP in file ext/session/session.c when     handling session names. An unauthenticated, remote     attacker can exploit this to inject arbitrary data into     sessions. (CVE-2016-7125)

  - An integer truncation error exists in PHP in the     select_colors() function in file ext/gd/libgd/gd_topal.c     when handling the number of colors. An unauthenticated,     remote attacker can exploit this to cause a heap-based     buffer overflow, resulting in the execution of arbitrary     code. (CVE-2016-7126)

  - An array-indexing error exists in PHP in the     imagegammacorrect() function within file ext/gd/gd.c     when handling negative gamma values. An unauthenticated,     remote attacker can exploit this, by writing a NULL to     an arbitrary memory location, to cause a crash or the     execution of arbitrary code. (CVE-2016-7127)

  - A flaw exists in PHP in the exif_process_IFD_in_TIFF()     function within file ext/exif/exif.c when handling TIFF     image content. An unauthenticated, remote attacker can     exploit this to disclose memory contents.
    (CVE-2016-7128)

  - A denial of service vulnerability exists in PHP in the     php_wddx_process_data() function within file     ext/wddx/wddx.c when deserializing invalid dateTime     values. An unauthenticated, remote attacker can exploit     this to cause a crash. (CVE-2016-7129)

  - A NULL pointer dereference flaw exists in PHP in the     php_wddx_pop_element() function within file     ext/wddx/wddx.c when handling Base64 binary values. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7130)

  - A NULL pointer dereference flaw exists in PHP in the     php_wddx_deserialize_ex() function within file     ext/wddx/wddx.c when handling invalid XML content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7131)

  - A NULL pointer dereference flaw exists in PHP in the     php_wddx_pop_element() function within file     ext/wddx/wddx.c. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition.
    (CVE-2016-7132)

  - A buffer overflow condition exists in PHP in file     ext/mysqlnd/mysqlnd_wireprotocol.c within the     php_mysqlnd_rowp_read_text_protocol_aux() function when     handling the BIT field. An unauthenticated, remote     attacker can exploit this to cause a heap-based buffer     overflow, resulting in a crash or the execution of     arbitrary code. (CVE-2016-7412)

  - A use-after-free error exists in PHP in the     wddx_stack_destroy() function within file     ext/wddx/wddx.c when deserializing recordset elements.
    An unauthenticated, remote attacker can exploit this to     dereference already freed memory, resulting in the     execution of arbitrary code. (CVE-2016-7413)

  - An out-of-bounds access error exists in PHP in the     phar_parse_zipfile() function within file ext/phar/zip.c     when handling the uncompressed file size. An     unauthenticated, remote attacker can exploit this to     have an unspecified impact. (CVE-2016-7414)

  - Multiple stack-based buffer overflow conditions exist in     the International Components for Unicode for C/C++     (ICU4C) component in the msgfmt_format_message()     function within file common/locid.cpp when handling     locale strings. An unauthenticated, remote attacker can     exploit these, via a long locale string, to cause a     denial of service condition or the execution of     arbitrary code. (CVE-2016-7415, CVE-2016-7416)

  - A flaw exists in PHP within file ext/spl/spl_array.c,     specifically in the spl_array_get_dimension_ptr_ptr()     function during the deserialization of SplArray, due to     improper validation of types. An unauthenticated, remote     attacker can exploit this to cause a crash or other     unspecified impact. (CVE-2016-7417)

  - An out-of-bounds read error exists in PHP in the     php_wddx_push_element() function within file     ext/wddx/wddx.c. An unauthenticated, remote attacker     can exploit this to cause a crash or the disclosure     of memory contents. (CVE-2016-7418)

  - A use-after-free error exists in PHP within the     unserialize() function in file ext/curl/curl_file.c. An     unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2016-9137)

  - An integer overflow condition exists in PHP in the     php_snmp_parse_oid() function in file ext/snmp/snmp.c.
    An unauthenticated, remote attacker can exploit this to     cause a heap-based buffer overflow, resulting in the     execution of arbitrary code.

  - An integer overflow condition exists in PHP in the     sql_regcase() function within file ext/ereg/ereg.c when     handling overly long strings. An unauthenticated, remote     attacker can exploit this to corrupt memory, resulting     in the execution of arbitrary code.

  - An integer overflow condition exists in PHP in the     php_base64_encode() function within file     ext/standard/base64.c when handling overly long     strings. An unauthenticated, remote attacker can exploit     this to corrupt memory, resulting in the execution of     arbitrary code.

  - An integer overflow condition exists in PHP in the     php_quot_print_encode() function within file     ext/standard/quot_print.c when handling overly long     strings. An unauthenticated, remote attacker can     exploit this to cause a heap-based buffer overflow,     resulting in the execution of arbitrary code.

  - A use-after-free error exists in PHP in the     unserialize() function within file ext/standard/var.c.
    An unauthenticated, remote attacker can exploit this to     dereference already freed memory, resulting in the     execution of arbitrary code.

  - A flaw exists in PHP in the php_ftp_fopen_connect()     function within file ext/standard/ftp_fopen_wrapper.c     due to silently downgrading to regular FTP even if a     secure method has been requested. A man-in-the-middle     (MitM) attacker can exploit this to downgrade the FTP     communication.

  - An integer overflow condition exists in PHP in the     php_url_encode() function within file ext/standard/url.c     when handling overly long strings. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in the execution of arbitrary code.

  - An integer overflow condition exists in PHP in the     php_uuencode() function in file ext/standard/uuencode.c.
    An unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code.

  - An integer overflow condition exists in PHP in the     bzdecompress() function within file ext/bz2/bz2.c. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code.

  - An integer overflow condition exists in PHP in the     curl_escape() function within file ext/curl/interface.c     when handling overly long escaped strings. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code.

  - An out-of-bounds access error exists in PHP in file     ext/phar/tar.c, specifically in the phar_parse_tarfile()     function during the verification of signatures. An     unauthenticated, remote attacker can exploit this to     have an unspecified impact.

  - A flaw exists in PHP when destroying deserialized     objects due to improper validation of certain     unspecified input. An unauthenticated, remote attacker     can exploit this to corrupt memory, resulting in a     denial of service condition or the execution of     arbitrary code.

  - An integer overflow condition exists in PHP within the     fgetcsv() function due to improper validation of CSV     field lengths. An unauthenticated, remote attacker can     exploit this to corrupt memory, resulting in a denial of     service condition or the execution of arbitrary code.

  - An integer overflow condition exists in PHP in the     wordwrap() function within file ext/standard/string.c     due to improper validation of certain unspecified input.
    An unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in a denial of service     condition or the execution of arbitrary code.

  - An integer overflow condition exists in PHP in the     fgets() function within file ext/standard/file.c due to     improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in a denial of service     condition or the execution of arbitrary code.

  - An integer overflow condition exists in PHP in the     xml_utf8_encode() function within file ext/xml/xml.c due     to improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit this to     cause an unspecified impact.

  - A flaw exists in PHP in the exif_process_IFD_in_TIFF()     function within file ext/exif/exif.c when handling     uninitialized thumbnail data. An unauthenticated, remote     attacker can exploit this to disclose memory contents.

  - A flaw exists in PHP due to the parse_url() function     returning the incorrect host. An unauthenticated, remote     attacker can exploit this to bypass authentication or to     conduct open redirection and server-side request forgery     attacks, depending on how the function is implemented.

  - A NULL pointer dereference flaw exists in PHP in the     SimpleXMLElement::asXML() function within file     ext/simplexml/simplexml.c. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition.

  - An heap buffer overflow condition exists in PHP in the     php_ereg_replace() function within file ext/ereg/ereg.c     due to improper validation of certain unspecified input.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code.

  - A flaw exists in PHP in file ext/openssl/openssl.c     within the openssl_random_pseudo_bytes() function when     handling strings larger than 2GB. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition.

  - A flaw exists in PHP in the openssl_encrypt() function     within file ext/openssl/openssl.c when handling strings     larger than 2GB. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition.

  - An integer overflow condition exists in PHP in the     imap_8bit() function within file ext/imap/php_imap.c due     to improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in a denial of service     condition or the execution of arbitrary code.

  - A flaw exists in PHP in the _bc_new_num_ex() function     within file ext/bcmath/libbcmath/src/init.c when     handling values passed via the 'scale' parameter. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition.

  - A flaw exists in PHP in the php_resolve_path() function     within file main/fopen_wrappers.c when handling negative     size values passed via the 'filename' parameter. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition.

  - A flaw exists in PHP in the dom_document_save_html()     function within file ext/dom/document.c due to missing     NULL checks. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition.

  - An integer overflow condition exists in PHP in the     mb_encode_*() function in file ext/mbstring/mbstring.c     due to improper validation of the length of encoded     data. An unauthenticated, remote attacker can exploit     this to corrupt memory, resulting in a denial of service     condition or the execution of arbitrary code.

  - A NULL pointer dereference flaw exists in PHP in the     CachingIterator() function within file     ext/spl/spl_iterators.c when handling string conversion.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition.

  - An integer overflow condition exists in PHP in the     number_format() function within file ext/standard/math.c     when handling 'decimals' and 'dec_point' parameters with     values equal or close to 0x7FFFFFFF. An unauthenticated,     remote attacker can exploit this to cause a heap-based     buffer overflow, resulting in a denial of service     condition or the execution of arbitrary code.

  - A overflow condition exists in PHP within file     ext/intl/resourcebundle/resourcebundle_class.c,     specifically in functions ResourceBundle::create() and     ResourceBundle::getLocales(), due to improper validation     of input passed via the 'bundlename' parameter. An     unauthenticated, remote attacker can exploit this to     cause a stack-based buffer overflow, resulting in a     denial of service condition or the execution of     arbitrary code.

  - An integer overflow condition exists in PHP in the     php_pcre_replace_impl() function within file     ext/pcre/php_pcre.c due to improper validation of     certain unspecified input. An unauthenticated, remote     attacker can exploit this to cause a heap-based buffer     overflow, resulting in a denial of service condition or     the execution of arbitrary code.

  - An integer overflow condition exists in PHP in the
    _php_imap_mail() function in file ext/imap/php_imap.c     when handling overly long strings. An unauthenticated,     remote attacker can exploit this to cause a heap-based     buffer overflow, resulting in a denial of service     condition or the execution of arbitrary code.

  - A flaw exists in PHP in the bzcompress() function when     handling overly long strings. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition.

  - An integer overflow condition exists in PHP in the     gdImageAALine() function within file ext/gd/libgd/gd.c     due to improper validation of line limit values.
    An unauthenticated, remote attacker can exploit this to     cause an out-of-bounds write or read, resulting in a     denial of service condition, the disclosure of memory     contents, or the execution of arbitrary code.

  - Multiple stored cross-site scripting (XSS)     vulnerabilities exist in unspecified scripts due to     improper validation of input before returning it to     users. An unauthenticated, remote attacker can exploit     these, via a specially crafted request, to execute     arbitrary script code in a user's browser session.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201611-22 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       CVE identifiers referenced below for details.
  Impact :

    An attacker can possibly execute arbitrary code or create a Denial of       Service condition.
  Workaround :

    There is no known workaround at this time.

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.26, which includes additional bug fixes. Please refer to the upstream changelog for more information :

  - https://php.net/ChangeLog-5.php#5.6.25
  - https://php.net/ChangeLog-5.php#5.6.26

This update for php53 fixes the following security issues :

  - CVE-2016-7124: Create an Unexpected Object and Don't     Invoke __wakeup() in Deserialization

  - CVE-2016-7125: PHP Session Data Injection Vulnerability

  - CVE-2016-7126: select_colors write out-of-bounds

  - CVE-2016-7127: imagegammacorrect allowed arbitrary write     access

  - CVE-2016-7128: Memory Leakage In     exif_process_IFD_in_TIFF

  - CVE-2016-7129: wddx_deserialize allows illegal memory     access

  - CVE-2016-7130: wddx_deserialize null dereference

  - CVE-2016-7131: wddx_deserialize null dereference with     invalid xml

  - CVE-2016-7132: wddx_deserialize null dereference in     php_wddx_pop_element

  - CVE-2016-7411: php5: Memory corruption when destructing     deserialized object

  - CVE-2016-7412: Heap overflow in mysqlnd when not     receiving UNSIGNED_FLAG in BIT field

  - CVE-2016-7413: Use after free in wddx_deserialize

  - CVE-2016-7414: Out of bounds heap read when verifying     signature of zip phar in phar_parse_zipfile

  - CVE-2016-7416: Stack based buffer overflow in     msgfmt_format_message

  - CVE-2016-7417: Missing type check when unserializing     SplArray

  - CVE-2016-7418: NULL pointer dereference in     php_wddx_push_element

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for php5 fixes the following security issues :

  - CVE-2016-6128: Invalid color index not properly handled     [bsc#987580]

  - CVE-2016-6161: global out of bounds read when encoding     gif from malformed input withgd2togif [bsc#988032]

  - CVE-2016-6292: NULL pointer dereference in     exif_process_user_comment [bsc#991422]

  - CVE-2016-6295: Use after free in SNMP with GC and     unserialize() [bsc#991424]

  - CVE-2016-6297: Stack-based buffer overflow vulnerability     in php_stream_zip_opener [bsc#991426]

  - CVE-2016-6291: Out-of-bounds access in     exif_process_IFD_in_MAKERNOTE [bsc#991427]

  - CVE-2016-6289: Integer overflow leads to buffer overflow     in virtual_file_ex [bsc#991428]

  - CVE-2016-6290: Use after free in unserialize() with     Unexpected Session Deserialization [bsc#991429]

  - CVE-2016-5399: Improper error handling in bzread()     [bsc#991430]

  - CVE-2016-6296: Heap buffer overflow vulnerability in     simplestring_addn in simplestring.c [bsc#991437]

  - CVE-2016-6207: Integer overflow error within
    _gdContributionsAlloc() [bsc#991434]

  - CVE-2014-3587: Integer overflow in the     cdf_read_property_info affecting SLES11 SP3 [bsc#987530]

  - CVE-2016-6288: Buffer over-read in php_url_parse_ex     [bsc#991433]

  - CVE-2016-7124: Create an Unexpected Object and Don't     Invoke __wakeup() in Deserialization

  - CVE-2016-7125: PHP Session Data Injection Vulnerability

  - CVE-2016-7126: select_colors write out-of-bounds

  - CVE-2016-7127: imagegammacorrect allowed arbitrary write     access

  - CVE-2016-7128: Memory Leakage In     exif_process_IFD_in_TIFF

  - CVE-2016-7129: wddx_deserialize allowed illegal memory     access

  - CVE-2016-7130: wddx_deserialize null dereference

  - CVE-2016-7131: wddx_deserialize null dereference with     invalid xml

  - CVE-2016-7132: wddx_deserialize null dereference in     php_wddx_pop_element

  - CVE-2016-7134: Heap overflow in the function curl_escape

This update was imported from the SUSE:SLE-12:Update update project.

Versions of PHP 5.6.x prior to 5.6.25 and 7.0.x prior to 7.0.10 are vulnerable to the following issues :

 - An uninitialized memory use flaw exists in the 'openssl_seal()' method. This may allow a remote attacker to potentially execute arbitrary code.
 - A use-after-free error exists in 'SPL_METHOD(SplObjectStorage)' in 'ext/spl/spl_observer.c'. The issue is triggered when handling unserialize calls. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists related to certificate validation in the 'ftp_ssl_connect()' function. The issue is due to the server hostname not being verified to match a domain name in the 'Subject's Common Name' (CN) or 'SubjectAltName' field of the X.509 certificate. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
 - An overflow condition exists in the 'curl_escape()' function in 'ext/curl/interface.c' that is triggered when handling overly long strings. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code.
 - A flaw exists in the 'object_common2()' function in 'ext/standard/var_unserializer.c' that is triggered when handling objects during unserialization. This may allow a remote attacker to potentially execute arbitrary code.
 - An integer overflow condition exists in the 'php_snmp_parse_oid()' function in 'ext/snmp/snmp.c'. This may allow a remote attacker to cause a heap-based buffer overflow and potentially execute arbitrary code.
 - An integer truncation flaw exists in the 'select_colors()' function in 'ext/gd/libgd/gd_topal.c' that is triggered when handling the number of colors. This may allow a remote attacker to cause a heap-based buffer overflow and potentially execute arbitrary code.
 - An integer overflow condition exists in the 'sql_regcase()' function in 'ext/ereg/ereg.c' that is triggered when handling overly long strings. This may allow a remote attacker to corrupt memory and potentially execute arbitrary code.
 - A NULL pointer dereference flaw exists in the 'php_wddx_pop_element()' function in 'ext/wddx/wddx.c' that is triggered during the handling of Base64 binary values. This may allow a remote attacker to cause a denial of service.
 - A NULL pointer dereference flaw exists in the 'php_wddx_pop_element()' function in 'ext/wddx/wddx.c'. This may allow a remote attacker to cause a denial of service.
 - An integer overflow condition exists in the 'php_base64_encode()' function in 'ext/standard/base64.c' that is triggered when handling overly long strings. This may allow a remote attacker to corrupt memory and potentially execute arbitrary code.
 - A NULL pointer dereference flaw exists in the 'php_wddx_deserialize_ex()' function in 'ext/wddx/wddx.c' that is triggered during the handling of invalid XML content. This may allow a remote attacker to cause a denial of service.
 - An integer overflow condition exists in the 'php_quot_print_encode()' function in 'ext/standard/quot_print.c' that is triggered when handling overly long strings. This may allow a remote attacker to cause a heap-based buffer overflow and potentially execute arbitrary code.
 - A use-after-free error exists in the 'unserialize()' function in 'ext/standard/var.c'. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the 'php_ftp_fopen_connect()' function in 'ext/standard/ftp_fopen_wrapper.c' as it may silently downgrade to regular FTP even if a secure method has been requested. This may allow a Man-in-the-Middle (MitM) attacker to downgrade the FTP communication.
 - A flaw exists in the 'php_wddx_process_data()' function in 'ext/wddx/wddx.c' that is triggered when deserializing invalid dateTime values. This may allow a remote attacker to cause a crash.
 - A flaw exists in the 'exif_process_IFD_in_TIFF()' function in 'ext/exif/exif.c' that is triggered when handling TIFF image content. This may allow a remote attacker to disclose memory contents.
 - An integer overflow condition exists in the 'php_url_encode()' function in 'ext/standard/url.c' that is triggered when handling overly long strings. This may allow a remote attacker to corrupt memory and potentially execute arbitrary code.
 - An integer overflow condition exists in the 'php_uuencode()' function in 'ext/standard/uuencode.c'. This may allow a remote attacker to corrupt memory and potentially execute arbitrary code.
 - An integer overflow condition exists in the 'bzdecompress()' function in 'ext/bz2/bz2.c'. This may allow a remote attacker to corrupt memory and potentially execute arbitrary code.
 - An integer overflow condition exists in the 'zend_mm_realloc_heap()' function in 'Zend/zend_alloc.c' that is triggered as certain input is not properly validated. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
 - An array indexing flaw exists in the 'imagegammacorrect()' function in 'ext/gd/gd.c' that is triggered when handling negative gamma values. This may allow a remote attacker to write a NULL to an arbitrary memory location, causing a crash or potentially allowing the execution of arbitrary code.
 - An integer overflow condition exists in the 'curl_escape()' function in 'ext/curl/interface.c' that is triggered when handling overly long escaped strings. This may allow a remote attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'ext/session/session.c' that is triggered when handling session names. This may allow a remote attacker to inject arbitrary data into sessions.

This update for php5 fixes the following security issues :

  - CVE-2016-7124: Create an Unexpected Object and Don't     Invoke __wakeup() in Deserialization

  - CVE-2016-7125: PHP Session Data Injection Vulnerability

  - CVE-2016-7126: select_colors write out-of-bounds

  - CVE-2016-7127: imagegammacorrect allowed arbitrary write     access

  - CVE-2016-7128: Memory Leakage In     exif_process_IFD_in_TIFF

  - CVE-2016-7129: wddx_deserialize allowed illegal memory     access

  - CVE-2016-7130: wddx_deserialize null dereference

  - CVE-2016-7131: wddx_deserialize null dereference with     invalid xml

  - CVE-2016-7132: wddx_deserialize null dereference in     php_wddx_pop_element

  - CVE-2016-7134: Heap overflow in the function curl_escape

This update for php53 fixes the following security issues :

  - CVE-2014-3587: Integer overflow in the     cdf_read_property_info affecting SLES11 SP3 [bsc#987530]

  - CVE-2016-6297: Stack-based buffer overflow vulnerability     in php_stream_zip_opener [bsc#991426]

  - CVE-2016-6291: Out-of-bounds access in     exif_process_IFD_in_MAKERNOTE [bsc#991427]

  - CVE-2016-6289: Integer overflow leads to buffer overflow     in virtual_file_ex [bsc#991428]

  - CVE-2016-6290: Use after free in unserialize() with     Unexpected Session Deserialization [bsc#991429]

  - CVE-2016-5399: Improper error handling in bzread()     [bsc#991430]

  - CVE-2016-6288: Buffer over-read in php_url_parse_ex     [bsc#991433]

  - CVE-2016-6296: Heap buffer overflow vulnerability in     simplestring_addn in simplestring.c [bsc#991437]

  - CVE-2016-7124: Create an Unexpected Object and Don't     Invoke __wakeup() in Deserialization

  - CVE-2016-7125: PHP Session Data Injection Vulnerability

  - CVE-2016-7126: select_colors write out-of-bounds

  - CVE-2016-7127: imagegammacorrect allowed arbitrary write     access

  - CVE-2016-7128: Memory Leakage In     exif_process_IFD_in_TIFF

  - CVE-2016-7129: wddx_deserialize allows illegal memory     access

  - CVE-2016-7130: wddx_deserialize null dereference

  - CVE-2016-7131: wddx_deserialize null dereference with     invalid xml

  - CVE-2016-7132: wddx_deserialize null dereference in     php_wddx_pop_element

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New php packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix security issues.

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.10. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the object_common2()     function in var_unserializer.c that occurs when handling     objects during deserialization. An unauthenticated,     remote attacker can exploit this to execute arbitrary     code. (CVE-2016-7124)

  - An unspecified flaw exists in session.c that occurs     when handling session names. An unauthenticated, remote     attacker can exploit this to inject arbitrary data into     sessions. (CVE-2016-7125)

  - An integer truncation flaw exists in the select_colors()     function in gd_topal.c that is triggered when handling     the number of colors. An unauthenticated, remote     attacker can exploit to cause a heap-based buffer     overflow, resulting in the execution of arbitrary code.
    (CVE-2016-7126)

  - An indexing flaw exists in the imagegammacorrect()     function in gd.c that occurs when handling negative     gamma values. An unauthenticated, remote attacker can     exploit this to write a NULL to an arbitrary memory     location, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2016-7127)

  - A flaw exists in the exif_process_IFD_in_TIFF() function     in exif.c that occurs when handling TIFF image content.
    An unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2016-7128)

  - A flaw exists in the php_wddx_process_data() function in     wddx.c that occurs when deserializing invalid dateTime     values. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition.
    (CVE-2016-7129)

  - A NULL pointer dereference flaw exists in the     php_wddx_pop_element() function in wddx.c that is     triggered during the handling of Base64 binary values.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7130)

  - A NULL pointer dereference flaw exists in the     php_wddx_deserialize_ex() function in wddx.c that occurs     during the handling of invalid XML content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7131)

  - An unspecified NULL pointer dereference flaw exists in     the php_wddx_pop_element() function in wddx.c. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7132)

   - An integer overflow condition exists in the      zend_mm_realloc_heap() function in zend_alloc.c due to      improper validation of user-supplied input. An      unauthenticated, remote attacker can exploit this to      cause a buffer overflow, resulting in a denial of      service condition or the execution of arbitrary code.
     (CVE-2016-7133)

  - An overflow condition exists in the curl_escape()     function in interface.c due to improper handling of     overly long strings. An unauthenticated, remote attacker     can exploit this to cause a heap-based buffer overflow,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2016-7134)

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.25. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the object_common2()     function in var_unserializer.c that occurs when handling     objects during deserialization. An unauthenticated,     remote attacker can exploit this to execute arbitrary     code. (CVE-2016-7124)

  - An unspecified flaw exists in session.c that occurs     when handling session names. An unauthenticated, remote     attacker can exploit this to inject arbitrary data into     sessions. (CVE-2016-7125)

  - An integer truncation flaw exists in the select_colors()     function in gd_topal.c that is triggered when handling     the number of colors. An unauthenticated, remote     attacker can exploit to cause a heap-based buffer     overflow, resulting in the execution of arbitrary code.
    (CVE-2016-7126)

  - An indexing flaw exists in the imagegammacorrect()     function in gd.c that occurs when handling negative     gamma values. An unauthenticated, remote attacker can     exploit this to write a NULL to an arbitrary memory     location, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2016-7127)

  - A flaw exists in the exif_process_IFD_in_TIFF() function     in exif.c that occurs when handling TIFF image content.
    An unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2016-7128)

  - A flaw exists in the php_wddx_process_data() function in     wddx.c that occurs when deserializing invalid dateTime     values. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition.
    (CVE-2016-7129)

  - A NULL pointer dereference flaw exists in the     php_wddx_pop_element() function in wddx.c that is     triggered during the handling of Base64 binary values.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7130)

  - A NULL pointer dereference flaw exists in the     php_wddx_deserialize_ex() function in wddx.c that occurs     during the handling of invalid XML content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-7131)

  - An unspecified NULL pointer dereference flaw exists in     the php_wddx_pop_element() function in wddx.c. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. CVE-2016-7132)

  - An integer overflow condition exists in the     php_snmp_parse_oid() function in snmp.c. An     unauthenticated, remote attacker can exploit this to     cause a heap-based buffer overflow, resulting in the     execution of arbitrary code.

  - An overflow condition exists in the sql_regcase()     function in ereg.c due to improper handling of overly     long strings. An unauthenticated, remote attacker     can exploit this to corrupt memory, resulting in the     execution of arbitrary code.

  - An integer overflow condition exists in the     php_base64_encode() function in base64.c that occurs     when handling overly long strings. An unauthenticated,     remote attacker can exploit this to execute arbitrary     code.

  - An integer overflow condition exists in the     php_quot_print_encode() function in quot_print.c that     occurs when handling overly long strings. An     unauthenticated, remote attacker can exploit this to     cause a heap-based buffer overflow condition, resulting     in the execution of arbitrary code.

  - A use-after-free error exists in the unserialize()     function in var.c. An unauthenticated, remote attacker     can exploit this to dereference already freed memory,     resulting in the execution of arbitrary code.

  - A flaw exists in the php_ftp_fopen_connect() function in     ftp_fopen_wrapper.c that allows a man-in-the-middle     attacker to silently downgrade to regular FTP even if a     secure method has been requested.

  - An integer overflow condition exists in the     php_url_encode() function in url.c that occurs when     handling overly long strings. An unauthenticated, remote     attacker can exploit this to corrupt memory, resulting     in the execution of arbitrary code.

  - An integer overflow condition exists in the     php_uuencode() function in uuencode.c. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code.

  - An integer overflow condition exists in the     bzdecompress() function in bz2.c. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in the execution of arbitrary code.

  - An integer overflow condition exists in the     curl_escape() function in interface.c that occurs when     handling overly long escaped strings. An     unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
98834	PHP 7.0.x < 7.0.10 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
98815	PHP 5.6.x < 5.6.25 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	high
119981	SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)	Nessus	SuSE Local Security Checks	high
119979	SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2408-1)	Nessus	SuSE Local Security Checks	high
101047	Tenable SecurityCenter PHP < 5.6.25 Multiple Vulnerabilities (TNS-2016-09)	Nessus	Misc.	high
96832	Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)	Nessus	Misc.	high
95421	GLSA-201611-22 : PHP: Multiple vulnerabilities (httpoxy)	Nessus	Gentoo Local Security Checks	high
93914	Debian DSA-3689-1 : php5 - security update	Nessus	Debian Local Security Checks	high
93894	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1)	Nessus	SuSE Local Security Checks	high
93856	openSUSE Security Update : php5 (openSUSE-2016-1156)	Nessus	SuSE Local Security Checks	high
9551	PHP 5.6.x < 5.6.25 / 7.0.x < 7.0.10 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
93597	openSUSE Security Update : php5 (openSUSE-2016-1095)	Nessus	SuSE Local Security Checks	high
93589	SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2328-1)	Nessus	SuSE Local Security Checks	high
93384	Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-252-01)	Nessus	Slackware Local Security Checks	high
93078	PHP 7.0.x < 7.0.10 Multiple Vulnerabilities	Nessus	CGI abuses	high
93077	PHP 5.6.x < 5.6.25 Multiple Vulnerabilities	Nessus	CGI abuses	high

CVE-2016-7126

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins