New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionPHP process crashes when processing an invalid file with the 'phar' extension. (CVE-2015-5589)
As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability.
PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue.
A flaw was discovered in the way PHP performed object unserialization.
Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
(CVE-2015-6831 , CVE-2015-6832)
A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-6833)
SolutionRun 'yum update php54' to update your system.