PHP 4.3.10 < 4.4.9 / 5.0.3 < 5.4.36 / 5.5.x < 5.5.20 / 5.6.x < 5.6.4 DoS
Medium Nessus Network Monitor Plugin ID 8922
Synopsis
The remote web server uses a version of PHP that is affected by a denial of service vulnerability.
Description
PHP versions 4.3.10 through 4.4.9, 5.0.3 prior to 5.4.36, 5.5.x prior to 5.5.20, and 5.6.x prior to 5.6.4 are affected by a denial of service vulnerability due to a NULL pointer dereference condition. Specifically, this issue affects the 'var_push_dtor()' function of the 'unserialize.c' source file. This may allow a remote attacker to crash the affected application, denying service to legitimate users. (Bug 68545)
Solution
Apply the vendor's patch, or upgrade to the latest version. This issue has been fixed in versions 5.4.36, 5.5.20, 5.6.4 and later.