F5 Networks BIG-IP : PHP vulnerability (K64412100)
Severity: High. Nessus Plugin ID: 97424
Synopsis: The remote device is missing a vendor-supplied security patch.
Description: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. (CVE-2016-4073)
An attacker may access unauthorized information, run arbitrary code, or cause a disruption of service. In default configurations, the BIG-IP system is not vulnerable; however, the vulnerability can be exposed through custom PHP scripts.
Solution: Upgrade to one of the non-vulnerable versions listed in the F5 Solution K64412100.