F5 Networks BIG-IP : PHP vulnerability (SOL15169)
Medium Nessus Plugin ID 83477
SynopsisThe remote device is missing a vendor-supplied security patch.
Descriptionext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution SOL15169.