Detections
Analytics
PHP 5.5.x < 5.5.34 / 5.6.x < 5.6.20 / 7.0.x < 7.0.5 Multiple Vulnerabilities
critical Nessus Network Monitor Plugin ID 9171
Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.Description
Versions of PHP 5.5.x prior to 5.5.34, or 5.6.x prior to 5.6.20, or 7.0.x prior to 7.0.5 are vulnerable to the following issues :- A format string flaw exists in the 'php_snmp_error()' function in 'ext/snmp/snmp.c'. The issue is triggered as string format specifiers (e.g. %s and %x) are not properly used. With a specially crafted SNMP object, a remote attacker can cause a denial of service or potentially execute arbitrary code.
- An invalid memory write is triggered when handling the path of phar filenames. This may allow a remote attacker to have an unspecified impact.
- A flaw exists in the 'mbfl_strcut()' function in 'ext/mbstring/libmbfl/mbfl/mbfilter.c'. This issue is triggered when handling negative sz values. This may allow a remote attacker to cause a crash.
- An integer overflow condition exists in the 'php_raw_url_encode()' function in 'ext/standard/url.c'. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to have an unspecified impact.
Solution
Upgrade to PHP version 7.0.5 or later. If 7.x cannot be obtained, 5.6.20 and 5.5.34 are also patched for these vulnerabilities.See Also
http://www.php.net/ChangeLog-5.php#5.5.34
Plugin Details
Severity: Critical
ID: 9171
Family: Web Servers
Published: 4/8/2016
Updated: 3/6/2019
Risk Information
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:php:php
Patch Publication Date: 3/31/2016
Vulnerability Publication Date: 3/29/2016