PHP 5.5.x < 5.5.8 Multiple Vulnerabilities
Medium Nessus Plugin ID 71928
Synopsis
The remote web server uses a version of PHP that is potentially affected by multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.8. It is, therefore, potentially affected by the following vulnerabilities:
- A heap-based buffer overflow error exists in the file 'ext/date/lib/parse_iso_intervals.c' related to handling DateInterval objects that could allow denial of service attacks. (CVE-2013-6712)
- An integer overflow error exists in the function 'exif_process_IFD_TAG' in the file 'ext/exif/exif.c' that could allow denial of service attacks or arbitrary memory reads. (Bug #65873)
- A use-after-free error exists in the function 'do_soap_call' in the file 'ext/soap/soap.c' related to 'typemap' values and error handling, with unspecified impact. (Bug #66112)
Note that this plugin does not attempt to exploit the vulnerabilities, but instead relies only on PHP's self-reported version number.
Solution
Upgrade to PHP version 5.5.8 or later.
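
The banner-only comparison described in the note above can be reproduced when triaging this finding. The following is an added example, not the plugin's own code: the header samples are constructed, and treating 5.5.8 pre-releases as prior to 5.5.8 and flagging vendor-suffixed builds for manual review are assumptions of the example.

```python
import re

FIXED = (5, 5, 8)  # first fixed release named in the advisory
PHP_TOKEN = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)([^\s,;()]*)", re.IGNORECASE)
PRERELEASE = re.compile(r"-?(rc|alpha|beta|dev)", re.IGNORECASE)

def classify(headers):
    """Return (status, version, note) for a dict of HTTP response headers."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("x-powered-by", "server"):
        m = PHP_TOKEN.search(lowered.get(name, ""))
        if m:
            break
    else:
        return ("no-banner", None, "PHP version not advertised; check the host itself")
    release = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    version = ".".join(map(str, release)) + suffix
    if release[:2] != (5, 5):
        return ("out-of-scope", version, None)  # advisory covers the 5.5 branch only
    pre = bool(PRERELEASE.match(suffix))
    # Assumption: a pre-release of 5.5.8 counts as prior to 5.5.8.
    if release < FIXED or (release == FIXED and pre):
        # Assumption: any other suffix marks a vendor build that may carry backports.
        vendor = bool(suffix) and not pre
        note = "vendor build: confirm fixes from the package changelog" if vendor else None
        return ("potentially-affected", version, note)
    return ("not-affected", version, None)

# Constructed sample headers, not captured from any real host.
SAMPLES = [
    {"X-Powered-By": "PHP/5.5.7"},
    {"Server": "Apache/2.4.6 (Unix) PHP/5.5.3"},
    {"x-powered-by": "PHP/5.5.8RC1"},
    {"X-Powered-By": "PHP/5.5.7-1~example1"},
    {"X-Powered-By": "PHP/5.5.8"},
    {"X-Powered-By": "PHP/5.4.23"},
    {"Server": "nginx"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

A "potentially-affected" result carries the same limitation as the plugin: it reflects only the self-reported version, so the installed package should be confirmed on the host before and after upgrading.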