PHP 4.3.10 < 4.4.9 / 5.0.3 < 5.4.36 / 5.5.x < 5.5.20 / 5.6.x < 5.6.4 DoS

Medium Nessus Network Monitor Plugin ID 8922


The remote web server uses a version of PHP that is affected by a denial of service vulnerability.


PHP versions 4.3.10 through 4.4.9, 5.0.3 up to but not including 5.4.36, 5.5.x prior to 5.5.20, and 5.6.x prior to 5.6.4 are affected by a denial of service vulnerability caused by a NULL pointer dereference. Specifically, the issue is in the 'var_push_dtor()' function of the 'unserialize.c' source file. A remote attacker may be able to crash the affected application, denying service to legitimate users. (Bug 68545)


Apply the vendor's patch, or upgrade to the latest version. This issue has been fixed in versions 5.4.36, 5.5.20, 5.6.4 and later.


Plugin Details

Severity: Medium

ID: 8922

Family: Web Servers

Published: 2015/02/25

Modified: 2018/09/16

Dependencies: 8682, 8728

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 2014/12/18

Vulnerability Publication Date: 2014/12/03

Reference Information

BID: 72491