Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10747
HistoryJan 19, 2016 - 12:00 a.m.

KLA10747 Obsolete PHP version in XAMPP & WAMP

2016-01-1900:00:00
Kaspersky Lab
threats.kaspersky.com
151

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.4 High

AI Score

Confidence

Low

0.176 Low

EPSS

Percentile

96.2%

JSON

Obsolete version of PHP was found in XAMPP & WAMP. Details about PHP vulnerabilities you can get at KLA10746.

Original advisories

Related products

PHP

CVE list

CVE-2016-1904 critical

CVE-2016-1903 high

CVE-2015-8617 critical

CVE-2015-8616 critical

CVE-2015-6836 critical

CVE-2015-6833 warning

CVE-2015-6832 critical

CVE-2015-6831 critical

CVE-2015-6527 critical

CVE-2015-5590 critical

Solution

Update XAMPP or WAMP if vendor released corresponding patch or update PHP module individually.XAMPP downloads page

WAMP downloads page

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • WLF

Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.

Affected Products

  • PHP 7 versions earlier than 7.0.2PHP 5.6 versions earlier than 5.6.17PHP versions earlier than 5.5.31

Related

kaspersky 1
openvas 37
nessus 43
freebsd 3
amazon 4
f5 6
ubuntu 1
archlinux 1
suse 4
osv 4
veracode 11
debian 3
redhat 1
hackerone 5
ubuntucve 10
cvelist 11
cve 11
prion 11
nvd 11
debiancve 4
openwrt 2
mageia 3
zdt 1
redhatcve 1
fedora 3
securityvulns 3
slackware 2
ibm 1
thn 1
kaspersky
kaspersky
KLA10746 Multiple vulnerabilities in PHP
2016-01-19 00:00:00
openvas
openvas
PHP Multiple Vulnerabilities - 01 (Mar 2016) - Linux
2016-03-01 00:00:00
PHP Multiple Vulnerabilities - 01 (Mar 2016) - Windows
2016-03-01 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-583)
2015-09-08 00:00:00
nessus
nessus
FreeBSD : php5 -- multiple vulnerabilities (787ef75e-44da-11e5-93ad-002590263bf5)
2015-08-18 00:00:00
Amazon Linux AMI : php56 (ALAS-2015-585) (BACKRONYM)
2015-08-18 00:00:00
Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)
2015-08-18 00:00:00
freebsd
freebsd
php5 -- multiple vulnerabilities
2015-08-06 00:00:00
php-phar -- multiple vulnerabilities
2015-06-24 00:00:00
php -- multiple vulnerabilities
2015-09-03 00:00:00
amazon
amazon
Medium: php55
2015-08-17 12:41:00
Medium: php56
2015-08-17 12:46:00
Medium: php54
2015-08-17 12:39:00
f5
f5
K59722044 : PHP vulnerabilities CVE-2016-1903 and CVE-2016-1904
2016-03-08 00:00:00
SOL59722044 - PHP vulnerabilities CVE-2016-1903 and CVE-2016-1904
2016-03-07 00:00:00
SOL71059632 - PHP vulnerability CVE-2015-8616
2016-05-04 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-09-30 00:00:00
archlinux
archlinux
php: multiple issues
2016-01-14 00:00:00
suse
suse
Security update for php53 (important)
2015-10-26 15:09:54
Security update for php5 (important)
2015-09-25 11:09:46
Security update for php5 (important)
2015-09-25 15:09:56
osv
osv
php5 - security update
2015-08-27 00:00:00
php5 - security update
2015-11-08 00:00:00
CVE-2016-4473
2017-06-08 20:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:27:42
Use After Free
2019-05-02 05:27:42
Denial Of Service (DoS)
2019-05-02 05:27:42
debian
debian
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
[SECURITY] [DSA 3344-1] php5 security update
2015-08-27 15:00:09
[SECURITY] [DSA 3358-1] php5 security update
2015-09-13 14:58:00
redhat
redhat
(RHSA-2016:0457) Moderate: rh-php56-php security update
2016-03-15 00:00:00
hackerone
hackerone
Internet Bug Bounty: Dangling pointer in the unserialization of ArrayObject items
2015-07-13 00:00:00
Internet Bug Bounty: Arbitrary code execution in str_ireplace function
2015-07-26 00:00:00
Internet Bug Bounty: Files extracted from archive may be placed outside of destination directory
2015-07-08 00:00:00
ubuntucve
ubuntucve
CVE-2015-6833
2015-08-27 00:00:00
CVE-2016-1903
2016-01-19 00:00:00
CVE-2015-6832
2015-08-27 00:00:00
cvelist
cvelist
CVE-2015-6833
2016-01-19 02:00:00
CVE-2015-6832
2016-01-19 02:00:00
CVE-2015-6527
2016-01-19 02:00:00
cve
cve
CVE-2015-6832
2016-01-19 05:59:03
CVE-2015-6527
2016-01-19 05:59:01
CVE-2015-5590
2016-01-19 05:59:00
prion
prion
Design/Logic Flaw
2016-01-19 05:59:00
Directory traversal
2016-01-19 05:59:00
Design/Logic Flaw
2016-01-19 05:59:00
nvd
nvd
CVE-2015-6527
2016-01-19 05:59:01
CVE-2015-6832
2016-01-19 05:59:03
CVE-2015-6833
2016-01-19 05:59:04
debiancve
debiancve
CVE-2016-1903
2016-01-19 05:59:00
CVE-2015-8616
2016-01-19 05:59:00
CVE-2016-1904
2016-01-19 05:59:00
openwrt
openwrt
php: Security update (CVE-2016-1903)
2016-01-28 12:25:14
prosody: Security update (2 CVEs)
2016-01-28 12:25:32
mageia
mageia
Updated php packages fix security vulnerability
2016-01-17 03:26:26
Updated php package fixes security vulnerabilities
2015-07-23 12:39:14
Updated php packages fix security vulnerabilities
2015-09-14 00:58:30
zdt
zdt
PHP 7.0.0 - Format String
2015-12-23 00:00:00
redhatcve
redhatcve
CVE-2016-4473
2016-08-22 20:48:41
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.11-1.fc21
2015-07-29 01:58:13
[SECURITY] Fedora 21 Update: php-5.6.13-1.fc21
2015-09-14 22:23:26
[SECURITY] Fedora 22 Update: php-5.6.13-1.fc22
2015-09-14 23:22:46
securityvulns
securityvulns
PHP security vulnerabilities
2015-08-31 00:00:00
[SECURITY] [DSA 3344-1] php5 security update
2015-08-31 00:00:00
PHP multiple security vulnerabilities
2015-09-15 00:00:00
slackware
slackware
[slackware-security] php
2016-02-04 00:07:13
[slackware-security] php
2015-10-01 21:35:28
ibm
ibm
Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)
2018-06-18 01:31:31
thn
thn
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
2016-12-28 23:45:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.4 High

AI Score

Confidence

Low

0.176 Low

EPSS

Percentile

96.2%

JSON
Related for KLA10747
kaspersky1openvas37nessus43freebsd3amazon4f56ubuntu1archlinux1suse4osv4veracode11debian3redhat1hackerone5ubuntucve10cvelist11cve11prion11nvd11debiancve4openwrt2mageia3zdt1redhatcve1fedora3securityvulns3slackware2ibm1thn1