
PHP 5.5.x < 5.5.33 / 5.6.x < 5.6.19 Multiple Vulnerabilities

Critical

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP 5.5.x versions prior to 5.5.33 and 5.6.x versions prior to 5.6.19 are vulnerable to the following issues:

- A use-after-free error exists in the 'php_wddx_pop_element()' function in 'ext/wddx/wddx.c'. The issue is triggered when handling crafted XML data. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 135224)
- An out-of-bounds read flaw exists in the 'phar_parse_zipfile()' function in 'ext/phar/zip.c' that may allow a remote attacker to trigger a crash or gain unauthorized access to information. (OSVDB 135225)

Solution

Upgrade to PHP version 5.6.19 or later. If 5.6.x cannot be obtained, 5.5.33 is also patched for these vulnerabilities.
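
The version ranges above can be checked against advertised banners. The following is an added example, not part of the original advisory or of the scanner's own logic; it assumes the PHP version is read from a Server or X-Powered-By header value, and the function name, status labels and sample headers are hypothetical.

```python
import re

# Fixed patch level per affected branch, taken from the advisory title.
FIXED_PATCH = {(5, 5): 33, (5, 6): 19}

# "PHP/5.6.18", optionally followed by a build or pre-release suffix.
PHP_TOKEN = re.compile(r"\bPHP/(\d+)\.(\d+)\.(\d+)([^\s,;)]*)", re.IGNORECASE)
PRERELEASE = re.compile(r"-?(rc|alpha|beta|dev)", re.IGNORECASE)


def classify_header(value):
    """Return (version, status) for one header value.

    status: 'affected', 'fixed', 'out-of-scope' (branch not covered by this
    advisory) or 'no-php-version' (nothing to compare).
    """
    m = PHP_TOKEN.search(value)
    if m is None:
        return (None, "no-php-version")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    version = "%d.%d.%d%s" % (major, minor, patch, suffix)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return (version, "out-of-scope")
    if patch < fixed:
        return (version, "affected")
    # Assumption: a pre-release of the fixed version (e.g. 5.6.19RC1) is
    # treated as affected, since it precedes the final fixed release.
    if patch == fixed and PRERELEASE.match(suffix):
        return (version, "affected")
    return (version, "fixed")


# Constructed sample header values, not captured from any real host.
SAMPLE_HEADERS = [
    "PHP/5.6.18",
    "Apache/2.4.10 PHP/5.5.32-1example1",
    "PHP/5.6.19RC1",
    "PHP/5.6.19",
    "PHP/5.5.33",
    "PHP/7.0.4",
    "nginx",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        version, status = classify_header(header)
        print("%-40s %-20s %s" % (header, version, status))
```

The result reflects only the version string the server advertises, so a host that hides or rewrites its banner needs to be checked directly.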