Lucene search

K

Kaspersky LabKLA10290

HistoryJul 10, 2014 - 12:00 a.m.

KLA10290 DoS vulnerability in PHP

2014-07-1000:00:00

Kaspersky Lab

threats.kaspersky.com

99

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.3%

A use-after-free vulnerability was found in PHP. By exploiting this vulnerability malicious users can cause denial of service or cause other unspecified impact. This vulnerability can be exploited locally at a point related to SPL.

Original advisories

Related products

CVE list

CVE-2014-4698 warning

CVE-2014-4670 warning

Solution

Update to latest version

Impacts

DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

PHP versions 5.5.14 and earlier

References

bugs.php.net/bug.php?id=67538

statistics.securelist.com/

threats.kaspersky.com/en/product/PHP/

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.3%

Related for KLA10290

nessus25 openvas18 mageia1 nvd2 prion2 cve2 cvelist2 ubuntucve2 veracode5 f52 centos2 hackerone1 redhat4 oraclelinux3 slackware1 securityvulns4 ubuntu1 osv2 debian5 gentoo1 suse1 rosalinux1