PHP 5.5.x < 5.5.33 / 5.6.x < 5.6.19 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9174

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

Versions of PHP 5.5.x prior to 5.5.33 and 5.6.x prior to 5.6.19 are vulnerable to the following issues:

- A use-after-free error exists in the 'php_wddx_pop_element()' function in 'ext/wddx/wddx.c'. The issue is triggered when handling crafted XML data. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.
- An out-of-bounds read flaw exists in the 'phar_parse_zipfile()' function in 'ext/phar/zip.c' that may allow a remote attacker to trigger a crash or gain unauthorized access to information.

Solution

Upgrade to PHP version 5.6.19 or later. If 5.6.x cannot be obtained, 5.5.33 is also patched for these vulnerabilities.

See Also

http://www.php.net/ChangeLog-5.php#5.5.33

http://www.php.net/ChangeLog-5.php#5.6.19

Plugin Details

Severity: Critical

ID: 9174

Family: Web Servers

Published: 4/8/2016

Updated: 3/6/2019

Nessus ID: 90007, 90008

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:php:php

Patch Publication Date: 3/3/2016

Vulnerability Publication Date: 3/2/2016

Reference Information

CVE: CVE-2016-3141, CVE-2016-3142

BID: 84271, 84306, 84307, 84348, 84349, 84350, 84351