Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K35799130
HistoryOct 11, 2016 - 12:00 a.m.

K35799130 : Multiple PHP vulnerabilities

2016-10-1100:00:00
my.f5.com
78

AI Score

9.6

Confidence

Low

EPSS

0.177

Percentile

96.2%

JSON

Security Advisory Description

The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image."

The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image."

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument."

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773."

Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function."

Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL."
Impact
There is no impact; F5 products are not affected by this vulnerability.

Related

f5 2
openvas 36
mageia 2
debian 5
nessus 42
freebsd 1
debiancve 8
nvd 8
ubuntucve 9
cvelist 8
prion 8
redhatcve 8
cve 8
osv 4
cloudfoundry 1
ubuntu 2
suse 7
ibm 3
packetstorm 2
exploitdb 2
zdt 2
exploitpack 2
checkpoint_advisories 1
fedora 3
thn 1
threatpost 1
gentoo 1
centos 1
redhat 1
oraclelinux 1
veracode 19
f5
f5
SOL35799130 - Multiple PHP vulnerabilities
2016-10-11 00:00:00
K29691966 : PHP vulnerability CVE-2016-5773
2016-12-22 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0267)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3631-1)
2016-08-02 00:00:00
Debian Security Advisory DSA 3631-1 (php5 - security update)
2016-08-02 00:00:00
mageia
mageia
Updated php/xmlrpc-epi/timezone packages fix security vulnerability
2016-07-27 00:59:16
Updated php packages fix security vulnerability
2016-07-05 18:47:08
debian
debian
[SECURITY] [DSA 3631-1] php5 security update
2016-07-26 20:46:29
[SECURITY] [DLA 628-1] php5 security update
2016-09-18 15:12:08
[SECURITY] [DLA 569-1] xmlrpc-epi security update
2016-07-29 21:13:39
nessus
nessus
Debian DSA-3631-1 : php5 - security update (httpoxy)
2016-07-27 00:00:00
FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)
2016-07-27 00:00:00
PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)
2016-07-26 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2016-07-21 00:00:00
debiancve
debiancve
CVE-2016-6295
2016-07-25 14:59:00
CVE-2016-6296
2016-07-25 14:59:10
CVE-2016-6297
2016-07-25 14:59:00
nvd
nvd
CVE-2016-6295
2016-07-25 14:59:08
CVE-2016-6296
2016-07-25 14:59:10
CVE-2016-6294
2016-07-25 14:59:07
ubuntucve
ubuntucve
CVE-2016-6295
2016-07-25 00:00:00
CVE-2016-6294
2016-07-25 00:00:00
CVE-2016-6292
2016-07-25 00:00:00
cvelist
cvelist
CVE-2016-6295
2016-07-25 14:00:00
CVE-2016-6297
2016-07-25 14:00:00
CVE-2016-6294
2016-07-25 14:00:00
prion
prion
Design/Logic Flaw
2016-07-25 14:59:00
Design/Logic Flaw
2016-07-25 14:59:00
Out-of-bounds
2017-04-21 20:59:00
redhatcve
redhatcve
CVE-2016-6295
2016-07-25 14:19:51
CVE-2016-6294
2016-07-25 13:48:29
CVE-2016-6297
2016-07-25 14:19:55
cve
cve
CVE-2016-6295
2016-07-25 14:59:08
CVE-2016-6297
2016-07-25 14:59:11
CVE-2016-6294
2016-07-25 14:59:07
osv
osv
php5 - security update
2016-09-18 00:00:00
xmlrpc-epi - security update
2016-07-29 00:00:00
xmlrpc-epi - security update
2019-11-26 00:00:00
cloudfoundry
cloudfoundry
USN-3045-1 PHP vulnerabilities | Cloud Foundry
2016-09-09 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2016-08-02 00:00:00
xmlrpc-epi vulnerability
2016-08-10 00:00:00
suse
suse
Security update for php5 (important)
2016-08-16 13:10:01
Security update for php5 (important)
2016-10-04 17:11:09
Security update for php5 (important)
2016-09-28 15:09:48
ibm
ibm
Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
2018-06-16 20:06:28
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities
2018-06-18 01:33:37
Security Bulletin: Vulnerabilities in PHP affect PowerKVM
2018-06-18 01:34:16
packetstorm
packetstorm
PHP 7.0.8 / 5.6.23 / 5.5.37 bzread() OOB Write
2016-07-21 00:00:00
Kerio Control Unified Threat Management Code Execution / XSS / Memory Corruption
2016-09-22 00:00:00
exploitdb
exploitdb
PHP 5.5.37/5.6.23/7.0.8 - &#039;bzread()&#039; Out-of-Bounds Write
2016-07-25 00:00:00
Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities
2016-09-22 00:00:00
zdt
zdt
PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write
2016-07-25 00:00:00
Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabiliti
2016-09-22 00:00:00
exploitpack
exploitpack
PHP 5.5.375.6.237.0.8 - bzread() Out-of-Bounds Write
2016-07-25 00:00:00
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities
2016-09-22 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Exif_Process_User_Comment Null Pointer Dereference (CVE-2016-6292)
2016-08-21 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-pecl-zip-1.12.5-2.fc22
2016-07-02 19:28:40
[SECURITY] Fedora 24 Update: php-pecl-zip-1.13.3-1.fc24
2016-07-02 15:45:20
[SECURITY] Fedora 23 Update: php-pecl-zip-1.13.3-1.fc23
2016-07-02 19:34:44
thn
thn
PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website
2016-07-24 20:25:00
threatpost
threatpost
Pornhub Hack Earns Researchers $22,000
2016-07-25 13:01:30
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-11-30 00:00:00
centos
centos
php security update
2016-11-25 15:41:35
redhat
redhat
(RHSA-2016:2598) Moderate: php security and bug fix update
2016-11-03 06:07:16
oraclelinux
oraclelinux
php security and bug fix update
2016-11-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:02:14
Denial Of Service (DoS)
2019-05-02 06:02:20
Denial Of Service (DoS)
2019-05-02 06:02:17

AI Score

9.6

Confidence

Low

EPSS

0.177

Percentile

96.2%

JSON
Related for F5:K35799130
f52openvas36mageia2debian5nessus42freebsd1debiancve8nvd8ubuntucve9cvelist8prion8redhatcve8cve8osv4cloudfoundry1ubuntu2suse7ibm3packetstorm2exploitdb2zdt2exploitpack2checkpoint_advisories1fedora3thn1threatpost1gentoo1centos1redhat1oraclelinux1veracode19