PHP 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 8955
Synopsis: The remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Description: Versions of PHP 5.5.x earlier than 5.5.27, or 5.6.x earlier than 5.6.11, are vulnerable to the following issues:
- A double-free flaw exists in zend_vm_execute.h due to improper handling of certain code. An attacker can exploit this flaw to crash a PHP application, resulting in a denial of service condition.
- A flaw exists in the parse_ini_file() and parse_ini_string() functions. Due to improper handling of strings that contain a line feed followed by an escape character, an attacker can exploit this to crash a PHP application, resulting in a denial of service condition.
Solution: Upgrade to PHP version 5.6.11 or later. If 5.6.11 cannot be installed, 5.5.27 is also patched for these vulnerabilities.