
PHP 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple DoS

High

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP 5.5.x versions earlier than 5.5.27 and 5.6.x versions earlier than 5.6.11 are vulnerable to the following issues:

- A double-free flaw exists in zend_vm_execute.h due to improper handling of certain code. An attacker can exploit this flaw to crash a PHP application, resulting in a denial of service condition. (OSVDB 124413)
- A flaw exists in the parse_ini_file() and parse_ini_string() functions. Due to improper handling of strings that contain a line feed followed by an escape character, an attacker can exploit this to crash a PHP application, resulting in a denial of service condition. (OSVDB 124414)

Solution

Upgrade to PHP version 5.6.11 or later. If 5.6.11 cannot be installed, 5.5.27 is also patched for these vulnerabilities.
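To track remediation across hosts, the version ranges above can be checked against collected PHP banners. The following is an added example, not part of the original advisory or the scanner's own logic; the function names, status labels and sample inventory are assumptions made for illustration.

```python
import re

# First fixed patch level per branch, taken from the advisory text.
FIXED = {(5, 5): 27, (5, 6): 11}

# "PHP/5.5.26" (X-Powered-By / Server header) or "PHP 5.6.10 (cli)" (php -v).
_TAGGED = re.compile(r"PHP[/ ](\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
# A bare version string such as "5.6.11-1+deb" (package metadata).
_BARE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def classify_php_version(banner):
    """Return 'affected', 'fixed', 'not-covered' or 'unknown'.

    Caveat: distribution packages may backport fixes without changing the
    upstream version number, so 'affected' means "verify the package
    changelog", not proof that the flaw is present.
    """
    text = banner or ""
    # Prefer the PHP-tagged token so "Apache/2.4.10 ... PHP/5.6.9" is not
    # misread as version 2.4.10.
    m = _TAGGED.search(text) or _BARE.match(text)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.groups())
    first_fixed = FIXED.get((major, minor))
    if first_fixed is None:
        return "not-covered"  # branch outside the scope of this advisory
    # Numeric comparison: 5.6.9 < 5.6.11, which a string comparison gets wrong.
    return "affected" if patch < first_fixed else "fixed"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify_php_version(b) for host, b in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = {
    "web01.example": "Apache/2.4.10 (Debian) PHP/5.6.9",
    "web02.example": "PHP 5.6.11 (cli)",
    "web03.example": "5.5.26",
    "web04.example": "PHP/5.5.27",
    "web05.example": "nginx",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, status)
```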