Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2017-0534-1.NASL
HistoryJan 02, 2019 - 12:00 a.m.

SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)

2019-01-0200:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.582 Medium

EPSS

Percentile

97.7%

JSON

This update for php7 fixes the following security issues :

  • CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568)

  • CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570)

  • CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the ‘properties’ hash table of a serialized object may have lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. (bsc#1019547)

  • CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. (bsc#1019550)

  • CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
    (bsc#1022255)

  • CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
    (bsc#1022257)

  • CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
    (bsc#1022260)

  • CVE-2016-10162: The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7 allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. (bsc#1022262)

  • CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263)

  • CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264)

  • CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265)

  • CVE-2016-9138: PHP mishandled property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. (bsc#1008026)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0534-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(119993);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2015-8876", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10162", "CVE-2016-10166", "CVE-2016-10167", "CVE-2016-10168", "CVE-2016-7478", "CVE-2016-7479", "CVE-2016-7480", "CVE-2016-9138", "CVE-2017-5340");

  script_name(english:"SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for php7 fixes the following security issues :

  - CVE-2016-7480: The SplObjectStorage unserialize
    implementation in ext/spl/spl_observer.c in PHP did not
    verify that a key is an object, which allowed remote
    attackers to execute arbitrary code or cause a denial of
    service (uninitialized memory access) via crafted
    serialized data. (bsc#1019568)

  - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled
    certain cases that require large array allocations,
    which allowed remote attackers to execute arbitrary code
    or cause a denial of service (integer overflow,
    uninitialized memory access, and use of arbitrary
    destructor function pointers) via crafted serialized
    data. (bsc#1019570)

  - CVE-2016-7479: In all versions of PHP 7, during the
    unserialization process, resizing the 'properties' hash
    table of a serialized object may have lead to
    use-after-free. A remote attacker may exploit this bug
    to gain arbitrary code execution. (bsc#1019547)

  - CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed
    remote attackers to cause a denial of service (infinite
    loop) via a crafted Exception object in serialized data,
    a related issue to CVE-2015-8876. (bsc#1019550)

  - CVE-2016-10159: Integer overflow in the
    phar_parse_pharfile function in ext/phar/phar.c in PHP
    allowed remote attackers to cause a denial of service
    (memory consumption or application crash) via a
    truncated manifest entry in a PHAR archive.
    (bsc#1022255)

  - CVE-2016-10160: Off-by-one error in the
    phar_parse_pharfile function in ext/phar/phar.c in PHP
    allowed remote attackers to cause a denial of service
    (memory corruption) or possibly execute arbitrary code
    via a crafted PHAR archive with an alias mismatch.
    (bsc#1022257)

  - CVE-2016-10161: The object_common1 function in
    ext/standard/var_unserializer.c in PHP allowed remote
    attackers to cause a denial of service (buffer over-read
    and application crash) via crafted serialized data that
    is mishandled in a finish_nested_data call.
    (bsc#1022260)

  - CVE-2016-10162: The php_wddx_pop_element function in
    ext/wddx/wddx.c in PHP 7 allowed remote attackers to
    cause a denial of service (NULL pointer dereference and
    application crash) via an inapplicable class name in a
    wddxPacket XML document, leading to mishandling in a
    wddx_deserialize call. (bsc#1022262)

  - CVE-2016-10166: A potential unsigned underflow in gd
    interpolation functions could lead to memory corruption
    in the PHP gd module (bsc#1022263)

  - CVE-2016-10167: A denial of service problem in
    gdImageCreateFromGd2Ctx() could lead to php out of
    memory even on small files. (bsc#1022264)

  - CVE-2016-10168: A signed integer overflow in the gd
    module could lead to memory corruption (bsc#1022265)

  - CVE-2016-9138: PHP mishandled property modification
    during __wakeup processing, which allows remote
    attackers to cause a denial of service or possibly have
    unspecified other impact via crafted serialized data, as
    demonstrated by Exception::__toString with
    DateInterval::__wakeup. (bsc#1008026)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1008026"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019550"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019568"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019570"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022219"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022255"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022260"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022262"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022263"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022264"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022265"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10158/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10159/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10160/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10161/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10162/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10166/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10167/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10168/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-7480/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-9138/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-5340/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20170534-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f193c1ba"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-277=1

SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
patch SUSE-SLE-SDK-12-SP1-2017-277=1

SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
SUSE-SLE-Module-Web-Scripting-12-2017-277=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-bz2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-calendar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ctype-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-curl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-dom-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-enchant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-exif-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fastcgi-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fileinfo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-fpm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ftp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gettext-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-gmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-iconv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-imap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-intl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-json-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mbstring-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mcrypt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-odbc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-opcache-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pcntl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pdo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-phar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-posix-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-pspell-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-shmop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-snmp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-soap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sockets-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvmsg-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvsem-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-sysvshm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-tokenizer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-wddx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlreader-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlrpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xmlwriter-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-xsl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zip-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:php7-zlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"apache2-mod_php7-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bcmath-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-bz2-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-calendar-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ctype-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-curl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dba-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-debugsource-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-dom-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-enchant-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-exif-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fastcgi-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fileinfo-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-fpm-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ftp-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gd-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gettext-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-gmp-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-iconv-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-imap-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-intl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-json-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-ldap-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mbstring-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mcrypt-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-mysql-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-odbc-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-opcache-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-openssl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pcntl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pdo-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pgsql-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-phar-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-posix-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-pspell-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-shmop-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-snmp-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-soap-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sockets-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sqlite-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvmsg-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvsem-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-sysvshm-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-tokenizer-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-wddx-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlreader-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlrpc-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xmlwriter-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-xsl-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zip-debuginfo-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-7.0.7-35.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"php7-zlib-debuginfo-7.0.7-35.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "php7");
}
VendorProductVersionCPE
novellsuse_linuxapache2-mod_php7p-cpe:/a:novell:suse_linux:apache2-mod_php7
novellsuse_linuxapache2-mod_php7-debuginfop-cpe:/a:novell:suse_linux:apache2-mod_php7-debuginfo
novellsuse_linuxphp7p-cpe:/a:novell:suse_linux:php7
novellsuse_linuxphp7-bcmathp-cpe:/a:novell:suse_linux:php7-bcmath
novellsuse_linuxphp7-bcmath-debuginfop-cpe:/a:novell:suse_linux:php7-bcmath-debuginfo
novellsuse_linuxphp7-bz2p-cpe:/a:novell:suse_linux:php7-bz2
novellsuse_linuxphp7-bz2-debuginfop-cpe:/a:novell:suse_linux:php7-bz2-debuginfo
novellsuse_linuxphp7-calendarp-cpe:/a:novell:suse_linux:php7-calendar
novellsuse_linuxphp7-calendar-debuginfop-cpe:/a:novell:suse_linux:php7-calendar-debuginfo
novellsuse_linuxphp7-ctypep-cpe:/a:novell:suse_linux:php7-ctype
Rows per page:
1-10 of 1041

References

Related

nessus 41
suse 4
openvas 39
amazon 2
slackware 2
osv 14
debian 7
ubuntu 4
mageia 3
gentoo 1
freebsd 1
cloudfoundry 2
thn 1
nvd 9
fedora 2
redhatcve 6
cvelist 8
debiancve 9
prion 8
kaspersky 2
cve 7
ibm 2
centos 1
oraclelinux 1
redhat 2
ubuntucve 9
checkpoint_advisories 2
veracode 6
hackerone 2
f5 1
alpinelinux 1
nessus
nessus
openSUSE Security Update : php7 (openSUSE-2017-304)
2017-03-07 00:00:00
SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0568-1)
2017-02-28 00:00:00
Amazon Linux AMI : php70 (ALAS-2017-812)
2017-03-30 00:00:00
suse
suse
Security update for php7 (important)
2017-03-02 15:12:04
Security update for php7 (important)
2017-02-22 15:08:24
Security update for php53 (important)
2017-02-27 18:08:46
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:0534-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for php7 (openSUSE-SU-2017:0588-1)
2017-03-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0556-1)
2021-06-09 00:00:00
amazon
amazon
Medium: php70
2017-03-29 20:15:00
Medium: php56
2017-03-28 23:30:00
slackware
slackware
[slackware-security] php
2017-02-10 20:41:10
[slackware-security] gd
2017-07-18 23:14:05
osv
osv
php5 - security update
2017-02-08 00:00:00
CVE-2016-7478
2017-01-11 06:59:00
php5 - security update
2017-03-28 00:00:00
debian
debian
[SECURITY] [DSA 3783-1] php5 security update
2017-02-09 02:28:30
[SECURITY] [DSA 3783-1] php5 security update
2017-02-09 02:28:30
[SECURITY] [DLA 875-1] php5 security update
2017-03-27 23:05:29
ubuntu
ubuntu
PHP vulnerabilities
2017-02-23 00:00:00
PHP regression
2017-03-02 00:00:00
PHP vulnerabilities
2017-02-14 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2017-02-04 21:41:12
Updated libgd packages fix security vulnerability
2017-02-20 16:00:19
Updated libwmf packages fix security vulnerability
2017-03-25 19:56:41
gentoo
gentoo
PHP: Multiple vulnerabilities
2017-02-21 00:00:00
freebsd
freebsd
PHP -- multiple vulnerabilities
2016-12-27 00:00:00
cloudfoundry
cloudfoundry
Multiple PHP vulnerabilities | Cloud Foundry
2017-03-17 00:00:00
USN-3213-1: GD library vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
thn
thn
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
2016-12-28 23:45:00
nvd
nvd
CVE-2016-7478
2017-01-11 06:59:00
CVE-2016-10162
2017-01-24 21:59:00
CVE-2016-10159
2017-01-24 21:59:00
fedora
fedora
[SECURITY] Fedora 25 Update: libwmf-0.2.8.4-50.fc25
2017-02-10 14:25:40
[SECURITY] Fedora 24 Update: libwmf-0.2.8.4-50.fc24
2017-03-13 23:52:40
redhatcve
redhatcve
CVE-2016-7478
2017-01-11 15:47:36
CVE-2016-10162
2017-02-03 12:49:37
CVE-2016-9138
2016-11-02 12:17:27
cvelist
cvelist
CVE-2016-7478
2017-01-11 06:02:00
CVE-2016-9138
2017-01-04 20:00:00
CVE-2016-10162
2017-01-24 21:00:00
debiancve
debiancve
CVE-2016-7478
2017-01-11 06:59:00
CVE-2016-7480
2017-01-11 07:59:00
CVE-2016-9138
2017-01-04 20:59:00
prion
prion
Design/Logic Flaw
2017-01-11 06:59:00
Null pointer dereference
2017-01-24 21:59:00
Code injection
2017-01-12 00:59:00
kaspersky
kaspersky
KLA10943 Denial of service vulnerability in PHP
2017-01-11 00:00:00
KLA10944 Denial of service and arbitrary code execution vulnerabilities in PHP
2017-01-11 00:00:00
cve
cve
CVE-2016-7478
2017-01-11 06:59:00
CVE-2016-10162
2017-01-24 21:59:00
CVE-2016-10158
2017-01-24 21:59:00
ibm
ibm
Security Bulletin: Vulnerabilities in PHP affect PowerKVM
2018-06-18 01:40:47
Security Bulletin: IBM Flex System Manager (FSM) is affected by a php5 vulnerability (CVE-2016-10158)
2018-06-18 01:35:37
centos
centos
php security update
2017-11-15 21:26:52
oraclelinux
oraclelinux
php security update
2017-11-15 00:00:00
redhat
redhat
(RHSA-2017:3221) Moderate: php security update
2017-11-15 04:10:03
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
ubuntucve
ubuntucve
CVE-2016-9138
2017-01-04 00:00:00
CVE-2016-7478
2017-01-11 00:00:00
CVE-2016-10162
2017-01-24 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP 7 Unserialization Exception Infinite Loop Denial of Service (CVE-2016-7478)
2016-10-18 00:00:00
PHP 7 Unserialization Malicious toString Remote Code Execution (CVE-2016-7479)
2016-10-18 00:00:00
veracode
veracode
Null Pointer Dereference
2019-05-16 02:59:58
Denial Of Service (DoS)
2019-01-15 09:23:08
Denial Of Service (DoS)
2019-05-16 02:59:57
hackerone
hackerone
Internet Bug Bounty: NULL Pointer Dereference while unserialize php object
2017-01-04 09:39:48
Internet Bug Bounty: efree() on uninitialized Heap data in imagescale leads to use-after-free
2019-01-12 00:41:08
f5
f5
K05918709 : PHP vulnerability CVE-2016-7479
2017-03-14 00:00:00
alpinelinux
alpinelinux
CVE-2016-10168
2017-03-15 15:59:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.582 Medium

EPSS

Percentile

97.7%

JSON
Related for SUSE_SU-2017-0534-1.NASL
nessus41suse4openvas39amazon2slackware2osv14debian7ubuntu4mageia3gentoo1freebsd1cloudfoundry2thn1nvd9fedora2redhatcve6cvelist8debiancve9prion8kaspersky2cve7ibm2centos1oraclelinux1redhat2ubuntucve9checkpoint_advisories2veracode6hackerone2f51alpinelinux1