Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98807
HistoryJan 09, 2019 - 12:00 a.m.

PHP 5.6.x < 5.6.18 Multiple Vulnerabilities

2019-01-0900:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.05

Percentile

92.9%

JSON

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities :

  • The Perl-Compatible Regular Expressions (PCRE) library is affected by multiple vulnerabilities related to the handling of regular expressions, subroutine calls, and binary files. A remote attacker can exploit these to cause a denial of service, obtain sensitive information, or have other unspecified impact. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)

  • A flaw exists in file ext/standard/exec.c in the escapeshellcmd() and escapeshellarg() functions due to the program truncating NULL bytes in strings. A remote attacker can exploit this to bypass restrictions.

  • A flaw exists in file ext/standard/streamsfuncs.c in the stream_get_meta_data() function due to a failure to restrict writing user-supplied data to fields not already set. A remote attacker can exploit this to falsify the output of the function, resulting in the insertion of malicious metadata.

  • A type confusion error exists in file ext/wddx/wddx.c in the php_wddx_pop_element() function when deserializing WDDX packets. A remote attacker can exploit this to have an unspecified impact.

  • A flaw exists in file ext/phar/phar_object.c in the PharFileInfo::getContent() method due to the use of uninitialized memory causing improper validation of user-supplied input. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code.

  • A NULL pointer dereference flaw exists in file ext/phar/tar.c in the phar_tar_setupmetadata() function when parsing metadata from a crafted TAR file. A remote attacker can exploit this to cause a denial of service.

  • An integer overflow condition exists in file ext/standard/iptc.c in the iptcembed() function due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service or the execution of arbitrary code.

  • An overflow condition exists in file ext/phar/tar.c in the phar_parse_tarfile() function due to improper validation of user-supplied input when decompressing TAR files. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code.

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

Related

nessus 38
fedora 3
freebsd 1
openvas 17
ibm 12
amazon 6
symantec 1
gentoo 1
openwrt 1
f5 4
ubuntu 1
rosalinux 1
cvelist 8
cve 8
debiancve 8
nvd 8
prion 8
ubuntucve 8
veracode 58
redhat 3
oraclelinux 1
centos 1
suse 2
nessus
nessus
Tenable SecurityCenter < 5.3.0 Multiple Vulnerabilities (TNS-2016-04)
2016-09-06 00:00:00
Fedora 22 : pcre-8.38-1.fc22 (2015-eb896290d3)
2016-03-04 00:00:00
FreeBSD : php -- multiple vulnerabilities (85eb4e46-cf16-11e5-840f-485d605f4717)
2016-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: pcre-8.38-1.fc22
2016-01-04 19:59:47
[SECURITY] Fedora 23 Update: mingw-pcre-8.38-1.fc23
2016-02-17 04:01:55
[SECURITY] Fedora 22 Update: mingw-pcre-8.38-1.fc22
2016-02-17 04:25:54
freebsd
freebsd
php -- multiple vulnerabilities
2016-02-04 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-1733)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2018-1167)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-2943-1)
2016-04-11 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application
2018-06-15 07:08:32
Security Bulletin:Multiple vulnerabilities in PCRE affect IBM Tivoli Network Manager IP Edition.
2018-06-17 15:15:49
Security Bulletin: Multiple vulnerabilities Perl Compatible Regular Expression (PCRE) libraries - IBM Aspera Shares Application
2019-07-10 10:10:01
amazon
amazon
Medium: pcre
2023-06-05 16:39:00
Medium: glib2
2023-06-21 19:11:00
Medium: glib2
2023-06-21 19:11:00
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
f5
f5
SOL20225390 - Multiple PCRE vulnerabilities
2016-02-04 00:00:00
K20225390 : Multiple PCRE vulnerabilities
2016-02-04 00:00:00
K05428062 : pcregrep in PCRE vulnerability CVE-2015-8393
2016-02-08 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
cvelist
cvelist
CVE-2015-8389
2015-12-02 00:00:00
CVE-2015-8393
2015-12-02 00:00:00
CVE-2015-8390
2015-12-02 00:00:00
cve
cve
CVE-2015-8389
2015-12-02 01:59:13
CVE-2015-8390
2015-12-02 01:59:14
CVE-2015-8391
2015-12-02 01:59:15
debiancve
debiancve
CVE-2015-8389
2015-12-02 01:59:13
CVE-2015-8390
2015-12-02 01:59:14
CVE-2015-8393
2015-12-02 01:59:17
nvd
nvd
CVE-2015-8390
2015-12-02 01:59:14
CVE-2015-8393
2015-12-02 01:59:17
CVE-2015-8391
2015-12-02 01:59:15
prion
prion
Code injection
2015-12-02 01:59:00
Code injection
2015-12-02 01:59:00
Code injection
2015-12-02 01:59:00
ubuntucve
ubuntucve
CVE-2015-8390
2015-12-01 00:00:00
CVE-2015-8391
2015-12-01 00:00:00
CVE-2015-8389
2015-12-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:34:19
Denial Of Service (DoS)
2019-05-02 05:34:18
Denial Of Service (DoS)
2019-05-02 05:34:18
redhat
redhat
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
(RHSA-2016:1132) Important: rh-mariadb100-mariadb security update
2016-05-26 08:10:09
(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update
2016-11-15 11:13:31
oraclelinux
oraclelinux
pcre security update
2016-05-11 00:00:00
centos
centos
pcre security update
2016-05-13 00:44:08
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.05

Percentile

92.9%

JSON
Related for WEB_APPLICATION_SCANNING_98807
nessus38fedora3freebsd1openvas17ibm12amazon6symantec1gentoo1openwrt1f54ubuntu1rosalinux1cvelist8cve8debiancve8nvd8prion8ubuntucve8veracode58redhat3oraclelinux1centos1suse2