PHP Multiple Vulnerabilities - 05 - Jul16 (Linux)

Published: 2016-07-29 06:24:44
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

This host is installed with PHP and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws are due to - An integer overflow in the 'php_stream_zip_opener' function in 'ext/zip/zip_stream.c' script. - An integer signedness error in the 'simplestring_addn' function in 'simplestring.c' in xmlrpc-epi. - The 'ext/snmp/snmp.c' script improperly interacts with the unserialize implementation and garbage collection. - The 'locale_accept_from_http' function in 'ext/intl/locale/locale_methods.c' script does not properly restrict calls to the ICU 'uloc_acceptLanguageFromHTTP' function. - An error in the 'exif_process_user_comment' function in 'ext/exif/exif.c' script. - An error in the 'exif_process_IFD_in_MAKERNOTE' function in 'ext/exif/exif.c' script. - The 'ext/session/session.c' does not properly maintain a certain hash data structure. - An integer overflow in the 'virtual_file_ex' function in 'TSRM/tsrm_virtual_cwd.c' script. - An error in the 'php_url_parse_ex' function in 'ext/standard/url.c' script.

Successfully exploiting this issue may allow attackers to cause a denial of service obtain sensitive information from process memory, or possibly have unspecified other impact.

Affected Versions:
PHP versions before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 on Linux

Upgrade to PHP version 5.5.38, or 5.6.24, or 7.0.9, or later.

Solution Type:
Vendor Patch

Detection Type:
Remote Banner Unreliable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

SecurityFocus Bugtraq ID:


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.